RedHat has issued an advisory on September 15:
https://rhn.redhat.com/errata/RHSA-2014-1193.html
Mageia 3 and Mageia 4 are also affected.
Whiteboard: (none) => MGA4TOO, MGA3TOO
Dropped from cauldron.
Whiteboard: MGA4TOO, MGA3TOO => (none)
Version: Cauldron => 4
CC: (none) => mageia
Probably on its way back to Cauldron, but I added the upstream patch in Mageia 4 and Cauldron SVN (replacing the CVE-2012-5784 patch that it supersedes). Fedora has yet to address this.
Patched package uploaded for Mageia 4. Verifying that the updated packages install cleanly is sufficient for testing this update.

Advisory:
========================

Updated axis packages fix security vulnerability:

It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate (CVE-2014-3596).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3596
https://rhn.redhat.com/errata/RHSA-2014-1193.html
========================

Updated package in core/updates_testing:
========================
axis-1.4-24.1.mga4
axis-javadoc-1.4-24.1.mga4
axis-manual-1.4-24.1.mga4

from axis-1.4-24.1.mga4.src.rpm
Assignee: dmorganec => qa-bugs
Testing on Mageia4x32 real hardware.

First installed current packages:
axis-1.4-24.mga4
axis-javadoc-1.4-24.mga4
axis-manual-1.4-24.mga4

Then updated testing packages:
axis-1.4-24.1.mga4
axis-javadoc-1.4-24.1.mga4
axis-manual-1.4-24.1.mga4

No problem detected through installation.
CC: (none) => olchal
Whiteboard: (none) => MGA4-32-OK
MGA4-64 on HP Probook 6555b. No installation problems.
CC: (none) => herman.viaene
Whiteboard: MGA4-32-OK => MGA4-32-OK MGA4-64-OK
Validating. Advisory uploaded. Please push to updates. Thanks.
Whiteboard: MGA4-32-OK MGA4-64-OK => advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0549.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED