Red Hat has issued an advisory on September 15:
Mageia 3 and Mageia 4 are also affected.
Dropped from cauldron.
MGA4TOO, MGA3TOO =>
Probably on its way back to Cauldron, but I added the upstream patch in Mageia 4 and Cauldron SVN (replacing the CVE-2012-5784 patch that it supersedes). Fedora has yet to address this.
Patched package uploaded for Mageia 4.
Verifying that the updated packages install cleanly is sufficient for testing this update.
Updated axis packages fix security vulnerability:
It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate (CVE-2014-3596).
Updated package in core/updates_testing:
Testing on Mageia4x32 real hardware.
First installed current packages:
Then updated testing packages:
No problem detected through installation.
MGA4-64 on HP Probook 6555b
No installation problems.
Validating. Advisory uploaded.
Please push to updates
MGA4-32-OK MGA4-64-OK => advisory MGA4-32-OK MGA4-64-OK
An update for this issue has been pushed to Mageia Updates repository.
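The advisory text above attributes CVE-2014-3596 to incorrect extraction of the host name from the subject's CN field. The following is an added example, not code from this bug report or from Axis: it contrasts a hypothetical flat-text CN lookup (`cnByTextSearch`) with structured RDN parsing via the JDK's `javax.naming.ldap.LdapName` (`cnByRdnParse`), run over constructed subject DNs with placeholder host names. Wildcards and subjectAltName matching are out of scope, and the comparison is a plain case-insensitive match.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectCnCheck {
    // Illustrative fragile approach (hypothetical, not Axis code): scan the DN as flat text.
    static String cnByTextSearch(String subjectDn) {
        int start = subjectDn.indexOf("CN=");
        if (start < 0) return null;
        int end = subjectDn.indexOf(',', start);
        return subjectDn.substring(start + 3, end < 0 ? subjectDn.length() : end);
    }

    // Structured approach: parse the DN into RDNs and read only attributes of type CN.
    static List<String> cnByRdnParse(String subjectDn) throws NamingException {
        List<String> names = new ArrayList<>();
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            // Attribute lookup ignores case and also covers multi-valued RDNs.
            Attribute cn = rdn.toAttributes().get("cn");
            for (int i = 0; cn != null && i < cn.size(); i++) {
                if (cn.get(i) instanceof String) names.add((String) cn.get(i));
            }
        }
        return names;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject DNs in RFC 2253 string form; host names are placeholders.
        String[] subjects = {
            "CN=www.example.org,O=Example Org,C=US",
            // The organization value holds an escaped comma followed by the text "CN=".
            "O=Example\\, CN=www.example.org,CN=other.example.net",
        };
        String expectedHost = "www.example.org";
        for (String dn : subjects) {
            boolean textMatch = expectedHost.equalsIgnoreCase(cnByTextSearch(dn));
            boolean rdnMatch = cnByRdnParse(dn).stream().anyMatch(expectedHost::equalsIgnoreCase);
            System.out.printf("%s%n  text search accepts: %b, RDN parse accepts: %b%n",
                    dn, textMatch, rdnMatch);
        }
    }
}
```

A disagreement between the two results for the same subject is the signal to look for when reviewing host name verification code that works on the DN string rather than on parsed RDNs.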