Update for 2ping, 2ping.17068, 389-ds, 389-ds.13... security important

Security update for apache-commons-httpclient

This update for apache-commons-httpclient fixes the following issues:

- http/conn/ssl/SSLConnectionSocketFactory.java ignores the
http.socket.timeout configuration setting during an SSL handshake,
which allows remote attackers to cause a denial of service (HTTPS
call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly
verify that the server hostname matches a domain name in the
subject's Common Name (CN) or subjectAltName field of the X.509
certificate, which allows MITM attackers to spoof SSL servers
via a "CN=" string in a field in the distinguished name (DN)
of a certificate. [bsc#1178171, CVE-2014-3577]

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Fixed bugs
bnc#1178171
VUL-0: CVE-2014-3577: apache-commons-httpclient:MITM security vulnerability
bnc#945190
VUL-0: CVE-2015-5262: apache-commons-httpclient, httpcomponents-core: missing HTTPS connection timeout
Selected Binaries
openSUSE Build Service is sponsored by