Bug 3552 - [UPDATE REQUEST] [UPSTREAM UPDATE] axis
: [UPDATE REQUEST] [UPSTREAM UPDATE] axis
Status: RESOLVED INVALID
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-10 13:32 MSK by Andrew Lukoshko
Modified: 2014-01-21 19:04 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
alexander.petryakov: qa_verified-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2014-01-10 13:32:59 MSK
Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5784)

https://rhn.redhat.com/errata/RHSA-2013-0269.html

https://abf.rosalinux.ru/build_lists/1513270
https://abf.rosalinux.ru/build_lists/1513271
Comment 1 Alexander Petryakov 2014-01-11 19:13:55 MSK
The Base repository is contain axis-1.2.1-7.3.res6.noarch.rpm,
please, rebuild the package with new build number.