Advisories » MGASA-2015-0392

Updated jakarta-commons-httpclient and httpcomponents-client packages fixes security vulnerability

Publication date: 09 Oct 2015
Modification date: 09 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5262

Description

The Apache httpclient library had a bug where the socket timeout was
ignored during the SSL handshake, causing threads in an application to
hang (CVE-2015-5262).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16870
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5262
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5262

SRPMS

5/core

• jakarta-commons-httpclient-3.1-15.1.mga5
• httpcomponents-client-4.3.6-1.mga5