jakarta-commons-httpclient (SL5, SL6, SL7)

By Scientific Linux Team on September 8, 2014

Synopsis: Important: jakarta-commons-httpclient security update
Advisory ID: SLSA-2014:1166-1
Issue Date: 2014-09-08
CVE Numbers: CVE-2014-3577

It was discovered that the HTTPClient incorrectly extracted host name from
an X.509 certificate subject’s Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)

SL5
x86_64
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.x86_64.rpm
i386
jakarta-commons-httpclient-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.i386.rpm
SL6
x86_64
jakarta-commons-httpclient-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-demo-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.x86_64.rpm
jakarta-commons-httpclient-manual-3.1-0.9.el6_5.x86_64.rpm
i386
jakarta-commons-httpclient-3.1-0.9.el6_5.i686.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.i686.rpm
jakarta-commons-httpclient-demo-3.1-0.9.el6_5.i686.rpm
jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.i686.rpm
jakarta-commons-httpclient-manual-3.1-0.9.el6_5.i686.rpm

– Scientific Linux Development Team