Security vulnerabilities in the jakarta-commons-httpclient software package

——————————————————————————–
Fedora Update Notification
FEDORA-2014-9539
2014-08-19 05:21:17
——————————————————————————–

Name : jakarta-commons-httpclient
Product : Fedora 19
Version : 3.1
Release : 15.fc19
URL : http://jakarta.apache.org/commons/httpclient/
Summary : Jakarta Commons HTTPClient implements the client side of HTTP standards
Description :
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant
protocol used on the Internet today. Web services, network-enabled
appliances and the growth of network computing continue to expand the
role of the HTTP protocol beyond user-driven web browsers, and increase
the number of applications that may require HTTP support.
Although the java.net package provides basic support for accessing
resources via HTTP, it doesn’t provide the full flexibility or
functionality needed by many applications. The Jakarta Commons HTTP
Client component seeks to fill this void by providing an efficient,
up-to-date, and feature-rich package implementing the client side of the
most recent HTTP standards and recommendations.
Designed for extension while providing robust support for the base HTTP
protocol, the HTTP Client component may be of interest to anyone
building HTTP-aware client applications such as web browsers, web
service clients, or systems that leverage or extend the HTTP protocol
for distributed communication.

——————————————————————————–
Update Information:

Security fix for CVE-2014-3577, CVE-2012-6153
——————————————————————————–
ChangeLog:

* Mon Aug 18 2014 Michal Srb <msrb@redhat.com> - 1:3.1-15
- Fix MITM security vulnerability
- Resolves: CVE-2014-3577
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1129074 – CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
https://bugzilla.redhat.com/show_bug.cgi?id=1129074
[ 2 ] Bug #1129916 – CVE-2012-6153 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
https://bugzilla.redhat.com/show_bug.cgi?id=1129916
——————————————————————————–

This update can be installed with the "yum" update program. Use
su -c 'yum update jakarta-commons-httpclient' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-9581
2014-08-19 05:23:07
——————————————————————————–

Name : jakarta-commons-httpclient
Product : Fedora 20
Version : 3.1
Release : 15.fc20
URL : http://jakarta.apache.org/commons/httpclient/
Summary : Jakarta Commons HTTPClient implements the client side of HTTP standards
Description :
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant
protocol used on the Internet today. Web services, network-enabled
appliances and the growth of network computing continue to expand the
role of the HTTP protocol beyond user-driven web browsers, and increase
the number of applications that may require HTTP support.
Although the java.net package provides basic support for accessing
resources via HTTP, it doesn’t provide the full flexibility or
functionality needed by many applications. The Jakarta Commons HTTP
Client component seeks to fill this void by providing an efficient,
up-to-date, and feature-rich package implementing the client side of the
most recent HTTP standards and recommendations.
Designed for extension while providing robust support for the base HTTP
protocol, the HTTP Client component may be of interest to anyone
building HTTP-aware client applications such as web browsers, web
service clients, or systems that leverage or extend the HTTP protocol
for distributed communication.

——————————————————————————–
Update Information:

Security fix for CVE-2014-3577, CVE-2012-6153
——————————————————————————–
ChangeLog:

* Mon Aug 18 2014 Michal Srb <msrb@redhat.com> - 1:3.1-15
- Fix MITM security vulnerability
- Resolves: CVE-2014-3577
——————————————————————————–
References:

[ 1 ] Bug #1129074 – CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
https://bugzilla.redhat.com/show_bug.cgi?id=1129074
[ 2 ] Bug #1129916 – CVE-2012-6153 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
https://bugzilla.redhat.com/show_bug.cgi?id=1129916
——————————————————————————–

This update can be installed with the "yum" update program. Use
su -c 'yum update jakarta-commons-httpclient' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–