Advisories ยป MGASA-2014-0549

Updated axis packages fix CVE-2014-3596

Publication date: 26 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3596

Description

Updated axis packages fixes security vulnerability:

It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate (CVE-2014-3596).
                

References

SRPMS

4/core