Advisories » MGASA-2014-0549

Updated axis packages fix CVE-2014-3596

Publication date: 26 Dec 2014
Modification date: 26 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3596

Description

Updated axis packages fixes security vulnerability:

It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate (CVE-2014-3596).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14103
• https://rhn.redhat.com/errata/RHSA-2014-1193.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3596

SRPMS

4/core

• axis-1.4-24.1.mga4