You are here
Home > Preporuke > Ranjivost programskog paketa opensaml-java

Ranjivost programskog paketa opensaml-java

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-10175
2015-06-20 13:33:40
——————————————————————————–

Name : opensaml-java
Product : Fedora 21
Version : 2.5.3
Release : 9.fc21
URL : http://www.opensaml.org/
Summary : Java OpenSAML library
Description :
OpenSAML is a set of open source C++ & Java libraries meant to support
developers working with the Security Assertion Markup Language (SAML).
OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0.

——————————————————————————–
Update Information:

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
——————————————————————————–
ChangeLog:

* Tue Jun 16 2015 Marek Goldmann <mgoldman@redhat.com> – 2.5.3-9
– Use mvn name for tomcat BR
* Fri May 8 2015 Marek Goldmann <mgoldman@redhat.com> – 2.5.3-8
– RHBZ#1132022, HTTPS Connections Via HTTP Resources Do Not Perform Hostname
Verification
——————————————————————————–
References:

[ 1 ] Bug #1131823 – CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
https://bugzilla.redhat.com/show_bug.cgi?id=1131823
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update opensaml-java’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-10175
2015-06-20 13:33:40
——————————————————————————–

Name : opensaml-java-openws
Product : Fedora 21
Version : 1.5.5
Release : 2.fc21
URL : http://www.opensaml.org/
Summary : Java OpenWS library
Description :
The OpenWS library provides a growing set of tools to work with web services at
a low level. These tools include classes for creating and reading SOAP
messages, transport-independent clients for connecting to web services,
and various transports for use with those clients.

——————————————————————————–
Update Information:

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
——————————————————————————–
ChangeLog:

* Tue Jun 16 2015 Marek Goldmann <mgoldman@redhat.com> – 1.5.5-2
– Use mvn BR for tomcat API
* Fri May 8 2015 Marek Goldmann <mgoldman@redhat.com> – 1.5.5-1
– Upstream release 1.5.5
——————————————————————————–
References:

[ 1 ] Bug #1131823 – CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
https://bugzilla.redhat.com/show_bug.cgi?id=1131823
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update opensaml-java-openws’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-10235
2015-06-20 13:37:02
——————————————————————————–

Name : opensaml-java-openws
Product : Fedora 22
Version : 1.5.5
Release : 2.fc22
URL : http://www.opensaml.org/
Summary : Java OpenWS library
Description :
The OpenWS library provides a growing set of tools to work with web services at
a low level. These tools include classes for creating and reading SOAP
messages, transport-independent clients for connecting to web services,
and various transports for use with those clients.

——————————————————————————–
Update Information:

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
——————————————————————————–
ChangeLog:

* Tue Jun 16 2015 Marek Goldmann <mgoldman@redhat.com> – 1.5.5-2
– Use mvn BR for tomcat API
* Fri May 8 2015 Marek Goldmann <mgoldman@redhat.com> – 1.5.5-1
– Upstream release 1.5.5
——————————————————————————–
References:

[ 1 ] Bug #1131823 – CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
https://bugzilla.redhat.com/show_bug.cgi?id=1131823
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update opensaml-java-openws’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-10235
2015-06-20 13:37:02
——————————————————————————–

Name : opensaml-java
Product : Fedora 22
Version : 2.5.3
Release : 9.fc22
URL : http://www.opensaml.org/
Summary : Java OpenSAML library
Description :
OpenSAML is a set of open source C++ & Java libraries meant to support
developers working with the Security Assertion Markup Language (SAML).
OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0.

——————————————————————————–
Update Information:

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
——————————————————————————–
ChangeLog:

* Tue Jun 16 2015 Marek Goldmann <mgoldman@redhat.com> – 2.5.3-9
– Use mvn name for tomcat BR
* Fri May 8 2015 Marek Goldmann <mgoldman@redhat.com> – 2.5.3-8
– RHBZ#1132022, HTTPS Connections Via HTTP Resources Do Not Perform Hostname
Verification
——————————————————————————–
References:

[ 1 ] Bug #1131823 – CVE-2014-3603 OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
https://bugzilla.redhat.com/show_bug.cgi?id=1131823
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update opensaml-java’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorTomislav Protega
Cert idNCERT-REF-2015-08-0008-ADV
CveCVE-2014-3603
ID izvornikaFEDORA-2015-10175 FEDORA-2015-10235
Proizvodopensaml-java
Izvorhttp://www.redhat.com
Top
More in Preporuke
Kritična ranjivost programskog paketa firefox

Otkrivena je kritična ranjivost u web pregledniku Firefox za RHEL 5, 6 i 7. Ranjivost se nalazila unutar ugrađenog PDF...

Close