You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa async-http-client

Sigurnosni nedostaci programskog paketa async-http-client

——————————————————————————–
Fedora Update Notification
FEDORA-2015-6891
2015-04-26 07:32:17
——————————————————————————–

Name : async-http-client
Product : Fedora 20
Version : 1.7.22
Release : 2.fc20
URL : https://github.com/AsyncHttpClient/async-http-client
Summary : Asynchronous Http Client for Java
Description :
Async Http Client library purpose is to allow Java applications to
easily execute HTTP requests and asynchronously process the HTTP
responses. The Async HTTP Client library is simple to use.

——————————————————————————–
Update Information:

Security fix for CVE-2013-7398, CVE-2013-7397
——————————————————————————–
ChangeLog:

* Fri Apr 24 2015 Michal Srb <msrb@redhat.com> – 1.7.22-2
– Resolves: CVE-2013-7397
– Resolves: CVE-2013-7398
* Wed Dec 4 2013 Mikolaj Izdebski <mizdebsk@redhat.com> – 1.7.22-1
– Update to upstream version 1.7.22
* Fri Oct 18 2013 Michal Srb <msrb@redhat.com> – 1.7.21-1
– Update to upstream version 1.7.21
——————————————————————————–
References:

[ 1 ] Bug #1133773 – CVE-2013-7398 async-http-client: missing hostname verification for SSL certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1133773
[ 2 ] Bug #1133769 – CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions
https://bugzilla.redhat.com/show_bug.cgi?id=1133769
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update async-http-client’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa DirectFB

Otkriveni su sigurnosni nedostaci u programskom paketu DirectFB za operacijski sustav Suse. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja...

Close