Advisories » MGASA-2013-0200

Updated axis package fixes security vulnerability

Publication date: 06 Jul 2013
Modification date: 06 Jul 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2012-5784

Description

Apache Axis did not verify that the server hostname matched the domain name
in the subject's Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an SSL
server if they had a certificate that was valid for any domain name
(CVE-2012-5784).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=8936
• https://rhn.redhat.com/errata/RHSA-2013-0269.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784

SRPMS

2/core

• axis-1.4-6.1.mga2