--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-1194
2013-01-23 00:29:59
--------------------------------------------------------------------------------

Name        : axis
Product     : Fedora 17
Version     : 1.4
Release     : 19.fc17
URL         : http://ws.apache.org/axis/
Summary     : SOAP implementation in Java
Description :
Apache AXIS is an implementation of the SOAP ("Simple Object Access Protocol")
submission to W3C.

From the draft W3C specification:

SOAP is a lightweight protocol for exchange of information in a decentralized,
distributed environment. It is an XML based protocol that consists of three
parts: an envelope that defines a framework for describing what is in a message
and how to process it, a set of encoding rules for expressing instances of
application-defined datatypes, and a convention for representing remote
procedure calls and responses.

This project is a follow-on to the Apache SOAP project.

--------------------------------------------------------------------------------
Update Information:

This update fixes a security vulnerability that caused axis not to verify that
the server hostname matches a domain name in the subject's Common Name (CN) or
subjectAltName field of the X.509 certificate, which allowed man-in-the-middle
attackers to spoof SSL servers via an arbitrary valid certificate
(CVE-2012-5784).
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 21 2013 Mikolaj Izdebski <[email protected]> - 0:1.4-19
- Add missing connection hostname check against X.509 certificate name
- Resolves: CVE-2012-5784
* Tue Jul 31 2012 Andy Grimm <[email protected]> - 0:1.4-18
- replace POMs with newer upstream versions using org.apache.axis gid
* Wed Jul 18 2012 Fedora Release Engineering <[email protected]> - 0:1.4-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jun 26 2012 Gerard Ryan <[email protected]> 0:1.4-16
- Remove problematic comma from axis.jar manifest
* Sat Jun 23 2012 Gerard Ryan <[email protected]> 0:1.4-15
- Fix existing OSGI manifests and add manifest to axis-ant.
* Fri May 11 2012 Marek Goldmann <[email protected]> 0:1.4-14
- Changed dependency from axis-wsdl4j to wsdl4j
* Mon Apr 30 2012 Alexander Kurtakov <[email protected]> 0:1.4-13
- Revert RHEL conditionals - we are not getting complete build with them.
* Mon Apr 30 2012 Alexander Kurtakov <[email protected]> 0:1.4-12
- Conditionalize xmlbeans/xml-security for RHEL.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #873252 - CVE-2012-5784 axis: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate
        https://bugzilla.redhat.com/show_bug.cgi?id=873252
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update axis' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
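
The check that CVE-2012-5784 describes as missing, as an added example (not the Axis patch or Fedora's code): the connection hostname is compared against the certificate's subjectAltName dNSName entries, falling back to the subject CN only when no dNSName is present. The class and method names and all sample values are hypothetical and constructed for illustration.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration (hypothetical class, not the Axis fix).
public class HostnameCheck {
    private static final int SAN_DNS_NAME = 2; // GeneralName tag for dNSName

    // sans has the shape returned by X509Certificate.getSubjectAlternativeNames()
    // (may be null); subjectDn is getSubjectX500Principal().getName().
    static boolean matches(String host, Collection<List<?>> sans, String subjectDn) {
        List<String> names = new ArrayList<>();
        if (sans != null)
            for (List<?> san : sans)
                if (san.get(0).equals(SAN_DNS_NAME)) names.add((String) san.get(1));
        if (names.isEmpty()) { // fall back to CN only when no dNSName is present
            try {
                for (Rdn rdn : new LdapName(subjectDn).getRdns())
                    if (rdn.getType().equalsIgnoreCase("CN")) names.add(rdn.getValue().toString());
            } catch (InvalidNameException e) {
                return false; // unparsable subject: fail closed
            }
        }
        String h = host.toLowerCase(Locale.ROOT);
        for (String n : names)
            if (matchesName(h, n.toLowerCase(Locale.ROOT))) return true;
        return false;
    }

    // Exact match, or "*.example.com" covering exactly one leftmost label.
    static boolean matchesName(String host, String pattern) {
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        String suffix = pattern.substring(1);          // ".example.com"
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(suffix)
                && suffix.indexOf('.', 1) > 0;         // reject "*.com"
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from any real certificate.
        Collection<List<?>> sans = Arrays.<List<?>>asList(
                Arrays.<Object>asList(2, "api.example.com"),
                Arrays.<Object>asList(2, "*.svc.example.com"));
        String dn = "CN=other.example.net,O=Constructed";
        System.out.println(matches("api.example.com", sans, dn));    // exact SAN entry
        System.out.println(matches("a.svc.example.com", sans, dn));  // wildcard SAN entry
        System.out.println(matches("other.example.net", sans, dn));  // CN ignored when a SAN exists
        System.out.println(matches("api.example.com", null, "CN=api.example.com")); // CN fallback
    }
}
```

In JSSE client code the built-in form of this check is enabled with `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` on the socket before the handshake.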
