Bug 1129074 – CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1129074 - (CVE-2014-3577) CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

Summary:	CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verific...

Status:	NEW

Aliases:	CVE-2014-3577

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,public=20140818,repo...
Keywords:	Security

Depends On:	1138482 1129117 1129118 1129119 1129120 1129121 1129122 1129123 1129124 1129125 1129126 1129127 1129128 1129129 1129130 1129131 1129132 1129133 1129134 1129135 1129136 1129137 1129138 1129139 1129140 1129141 1129142 1129143 1129144 1129145 1129146 1129147 1129148 1129149 1129150 1129151 1129152 1129154 1129155 1129156 1129157 1129158 1129159 1129160 1129161 1129162 1129163 1129164 1129165 1129166 1129167 1129168 1129169 1129170 1129172 1129173 1129174 1129175 1129176 1129177 1129178 1129179 1129180 1129182 1129183 1129185 1129186 1129187 1129188 1129209 1129626 1130941 1130942 1131288 1134720 1134722 1143782 1143783 1143784 1143833 1155308 1155309 1155310 1155311 1155312 1155313 1155314 1155315 1155316 1155317 1155318 1155319 1155320 1155321 1155322 1155323 1155324 1155325 1155326 1156068 1156076 1156077 1156078 1156079 1156080 1160700 1160701 1161455 1168613 1537778
Blocks:	1128968 1129378 1129383 1130924 1130962 1131741 1134386 1139455 1151585 1155883 1155884 1159092 1181883 1182400 1182419 1183452 1187398 1200191 1210482 1232965 1244362 1244363 1320308
	Show dependency tree / graph

Reported:	2014-08-12 04:21 EDT by Arun Babu Neelicattu
Modified:	2018-08-18 07:28 EDT (History)
CC List:	110 users (show)

See Also:	CVE-2012-6153
Fixed In Version:	httpcomponents-client 4.3.5
Doc Type:	Bug Fix
Doc Text:	It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	1165533	None	None	None	Never
Red Hat Product Errata	RHSA-2014:1082	normal	SHIPPED_LIVE	Important: thermostat1-httpcomponents-client security update	2014-08-25 16:43:28 EDT
Red Hat Product Errata	RHSA-2014:1146	normal	SHIPPED_LIVE	Important: httpcomponents-client security update	2014-09-03 18:15:04 EDT
Red Hat Product Errata	RHSA-2014:1162	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Application Platform 6.3.0 security update	2014-09-04 16:26:13 EDT
Red Hat Product Errata	RHSA-2014:1163	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Application Platform 6.3.0 security update	2014-09-04 17:16:45 EDT
Red Hat Product Errata	RHSA-2014:1166	normal	SHIPPED_LIVE	Important: jakarta-commons-httpclient security update	2014-09-08 19:37:54 EDT
Red Hat Product Errata	RHSA-2014:1320	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Web Platform 5.2.0 security update	2014-09-29 20:11:40 EDT
Red Hat Product Errata	RHSA-2014:1321	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update	2014-09-29 20:22:16 EDT
Red Hat Product Errata	RHSA-2014:1322	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Web Platform 5.2.0 security update	2014-09-29 20:11:35 EDT
Red Hat Product Errata	RHSA-2014:1323	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update	2014-09-29 20:22:10 EDT
Red Hat Product Errata	RHSA-2014:1833	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Web Platform 5.2.0 security update	2014-11-10 19:26:12 EST
Red Hat Product Errata	RHSA-2014:1834	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update	2014-11-10 19:25:56 EST
Red Hat Product Errata	RHSA-2014:1835	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Web Platform 5.2.0 security update	2014-11-10 19:25:52 EST
Red Hat Product Errata	RHSA-2014:1836	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update	2014-11-10 19:25:46 EST
Red Hat Product Errata	RHSA-2014:1891	normal	SHIPPED_LIVE	Important: Red Hat JBoss BRMS 6.0.3 security update	2014-11-24 20:46:15 EST
Red Hat Product Errata	RHSA-2014:1892	normal	SHIPPED_LIVE	Important: Red Hat JBoss BPM Suite 6.0.3 update	2014-11-24 20:46:11 EST
Red Hat Product Errata	RHSA-2014:1904	normal	SHIPPED_LIVE	Important: Red Hat JBoss Operations Network 3.3.0 update	2014-11-25 16:48:32 EST
Red Hat Product Errata	RHSA-2014:2019	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Application Platform 6.3.2 security update	2014-12-18 17:58:44 EST
Red Hat Product Errata	RHSA-2014:2020	normal	SHIPPED_LIVE	Important: Red Hat JBoss Enterprise Application Platform 6.3.2 security update	2014-12-18 17:48:10 EST
Red Hat Product Errata	RHSA-2015:0125	normal	SHIPPED_LIVE	Important: Red Hat JBoss Web Framework Kit 2.7.0 update	2015-02-04 17:41:57 EST
Red Hat Product Errata	RHSA-2015:0158	normal	SHIPPED_LIVE	Important: Red Hat Enterprise Virtualization Manager 3.5.0	2015-02-11 17:38:50 EST
Red Hat Product Errata	RHSA-2015:0234	normal	SHIPPED_LIVE	Important: Red Hat JBoss BPM Suite 6.0.3 security update	2015-02-17 22:27:47 EST
Red Hat Product Errata	RHSA-2015:0235	normal	SHIPPED_LIVE	Important: Red Hat JBoss BRMS 6.0.3 security update	2015-02-17 22:27:36 EST
Red Hat Product Errata	RHSA-2015:0675	normal	SHIPPED_LIVE	Important: Red Hat JBoss Data Virtualization 6.1.0 update	2015-03-11 16:51:21 EDT
Red Hat Product Errata	RHSA-2015:0720	normal	SHIPPED_LIVE	Important: Red Hat JBoss Fuse Service Works 6.0.0 security update	2015-03-24 21:05:53 EDT
Red Hat Product Errata	RHSA-2015:0765	normal	SHIPPED_LIVE	Important: Red Hat JBoss Data Virtualization 6.0.0 security update	2015-03-31 17:00:43 EDT
Red Hat Product Errata	RHSA-2015:0850	normal	SHIPPED_LIVE	Important: Red Hat JBoss BRMS 6.1.0 update	2015-04-16 16:02:45 EDT
Red Hat Product Errata	RHSA-2015:0851	normal	SHIPPED_LIVE	Important: Red Hat JBoss BPM Suite 6.1.0 update	2015-04-16 16:02:37 EDT
Red Hat Product Errata	RHSA-2015:1009	normal	SHIPPED_LIVE	Important: Red Hat JBoss Portal 6.2.0 update	2015-05-14 15:14:47 EDT
Red Hat Product Errata	RHSA-2015:1176	normal	SHIPPED_LIVE	Important: Red Hat JBoss Fuse 6.2.0 update	2015-06-23 16:52:52 EDT
Red Hat Product Errata	RHSA-2015:1177	normal	SHIPPED_LIVE	Important: Red Hat JBoss A-MQ 6.2.0 update	2015-06-23 16:52:10 EDT
Red Hat Product Errata	RHSA-2015:1888	normal	SHIPPED_LIVE	Important: Red Hat JBoss SOA Platform 5.3.1 security update	2015-10-12 15:27:33 EDT
Red Hat Product Errata	RHSA-2016:1773	normal	SHIPPED_LIVE	Important: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update	2016-08-24 19:41:18 EDT
Red Hat Product Errata	RHSA-2016:1931	normal	SHIPPED_LIVE	Important: Red Hat JBoss Fuse/A-MQ 6.2.1 security and bug fix update	2016-09-23 20:34:44 EDT

Groups: None (edit)

Description Arun Babu Neelicattu 2014-08-12 04:21:09 EDT

It was found that the fix for CVE-2012-6153 was incomplete. The code added to check that the server hostname matches  the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can spoof a valid certificate using a specially crafted subject.

Comment 1 Arun Babu Neelicattu 2014-08-12 05:16:20 EDT

Statement:

Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/solutions/1165533

This issue affects the versions of HttpComponents Client as shipped with Red Hat JBoss Data Grid 6 and Red Hat JBoss Data Virtualization 6; and ModeShape Client as shipped with Red Hat JBoss Data Virtualization 6. However, this flaw is not known to be exploitable under any supported scenario in Red Hat JBoss Data Grid 6 and JBoss Data Virtualization 6. A future update may address this issue.

Red Hat JBoss Enterprise Application Platform 4,  Red Hat JBoss SOA Platform 4, and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/

Fuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/

Comment 4 Arun Babu Neelicattu 2014-08-12 06:18:49 EDT

Upstream Commits:

HttpClient/trunk
http://svn.apache.org/viewvc?view=revision&revision=1614065
http://svn.apache.org/viewvc?view=revision&revision=1614270

HttpClient/4.3.x Branch
http://svn.apache.org/viewvc?view=revision&revision=1614064
http://svn.apache.org/viewvc?view=revision&revision=1614271

HttpAsyncClient/4.0.x Branch
http://svn.apache.org/viewvc?view=revision&revision=1615302

Comment 12 Arun Babu Neelicattu 2014-08-14 03:31:12 EDT

Note that upstream identifies HttpAsyncClient as being vulnerable to this issue. However, do note that the HttpAsyncClient artifacts themselves are only affected via a transient dependency on a vulnerable version of HttpClient (older than 4.3.5).

Comment 13 Arun Babu Neelicattu 2014-08-14 03:49:35 EDT

This issue was introduced upstream via [1]. However, note that all versions prior to 4.2.3 is vulnerable to CVE-2012-6153.

[1] http://svn.apache.org/viewvc?view=revision&revision=1411705

Comment 14 Arun Babu Neelicattu 2014-08-14 03:50:05 EDT

Affects:

org.apache.httpcomponents:httpclient >= 4.2.3, <= 4.3.4

Comment 15 Arun Babu Neelicattu 2014-08-18 05:05:12 EDT

Upstream Advisory:

http://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/CVE-2014-3577

Comment 16 Arun Babu Neelicattu 2014-08-18 05:08:18 EDT

Created httpcomponents-client tracking bugs for this issue:

Affects: fedora-all [bug 1130942]

Comment 17 Arun Babu Neelicattu 2014-08-18 05:08:29 EDT

Created jakarta-commons-httpclient tracking bugs for this issue:

Affects: fedora-all [bug 1130941]

Comment 21 Martin Prpič 2014-08-20 04:14:18 EDT

IssueDescription:

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

Comment 22 errata-xmlrpc 2014-08-20 06:41:41 EDT

This issue has been addressed in following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS

Via RHSA-2014:1082 https://rhn.redhat.com/errata/RHSA-2014-1082.html

Comment 23 Tomas Hoger 2014-08-25 11:13:29 EDT

The original issue CVE-2012-6153 is tracked via bug 1129916.  It also is an incomplete fix CVE for CVE-2012-5783 (bug 873317).

In addition to the problem corrected in the fixed that got CVE-2012-6153 assigned (see bug 1129916 comment 20), the additional problem was found with the code that was used to extract Common Name (CN) from an X.509 certificate subject.  Use of comma used as part of the subject attribute value could confuse tokenizer to split subject and attempt to match "CN=" string in the middle of some other attribute value.  Upstream advisory (linked in comment 15 above) uses the following example:

  O="foo,CN=www.apache.org"

www.apache.org was incorrectly extracted as valid CN from such subject.

Comment 25 Fedora Update System 2014-08-26 21:28:51 EDT

jakarta-commons-httpclient-3.1-15.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2014-08-26 21:31:37 EDT

jakarta-commons-httpclient-3.1-15.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 28 Fedora Update System 2014-08-29 23:57:33 EDT

httpcomponents-client-4.2.5-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 29 Fedora Update System 2014-08-29 23:58:29 EDT

httpcomponents-client-4.2.5-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 30 errata-xmlrpc 2014-09-03 14:15:15 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1146 https://rhn.redhat.com/errata/RHSA-2014-1146.html

Comment 31 errata-xmlrpc 2014-09-04 12:26:24 EDT

This issue has been addressed in following products:

  JBEAP 6.3.z for RHEL 5
  JBEAP 6.3.z for RHEL 6
  JBEAP 6.3.z for RHEL 7

Via RHSA-2014:1162 https://rhn.redhat.com/errata/RHSA-2014-1162.html

Comment 32 errata-xmlrpc 2014-09-04 13:16:51 EDT

This issue has been addressed in following products:

  JBoss Enterprise Application Platform 6.3.0

Via RHSA-2014:1163 https://rhn.redhat.com/errata/RHSA-2014-1163.html

Comment 34 errata-xmlrpc 2014-09-08 15:38:12 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5

Via RHSA-2014:1166 https://rhn.redhat.com/errata/RHSA-2014-1166.html

Comment 36 errata-xmlrpc 2014-09-29 16:12:07 EDT

This issue has been addressed in the following products:

  JBoss Enterprise Web Platform 5.2.0

Via RHSA-2014:1322 https://rhn.redhat.com/errata/RHSA-2014-1322.html

Comment 37 errata-xmlrpc 2014-09-29 16:13:01 EDT

This issue has been addressed in the following products:

  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 6
  JBEWP 5 for RHEL 4

Via RHSA-2014:1320 https://rhn.redhat.com/errata/RHSA-2014-1320.html

Comment 38 errata-xmlrpc 2014-09-29 16:22:30 EDT

This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 5.2.0

Via RHSA-2014:1323 https://rhn.redhat.com/errata/RHSA-2014-1323.html

Comment 39 errata-xmlrpc 2014-09-29 16:22:49 EDT

This issue has been addressed in the following products:

  JBEAP 5 for RHEL 5
  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 6

Via RHSA-2014:1321 https://rhn.redhat.com/errata/RHSA-2014-1321.html

Comment 42 Pavel Polischouk 2014-10-24 10:52:32 EDT

CXF upstream commits:

master: https://github.com/apache/cxf/commit/68cd67b1187edfca957f15a00eab9a14cd140672
3.0.x: https://github.com/apache/cxf/commit/35f28c58db0247f841afa74b86a94a84923f3328
2.7.x: https://github.com/apache/cxf/commit/e227a1a9ee536a33c550683405a766bf5e906873

Comment 44 errata-xmlrpc 2014-11-10 14:26:20 EST

This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 5.2.0

Via RHSA-2014:1836 https://rhn.redhat.com/errata/RHSA-2014-1836.html

Comment 45 errata-xmlrpc 2014-11-10 14:26:58 EST

This issue has been addressed in the following products:

  JBoss Enterprise Web Platform 5.2.0

Via RHSA-2014:1835 https://rhn.redhat.com/errata/RHSA-2014-1835.html

Comment 46 errata-xmlrpc 2014-11-10 14:27:43 EST

This issue has been addressed in the following products:

  JBEAP 5 for RHEL 6
  JBEAP 5 for RHEL 5
  JBEAP 5 for RHEL 4

Via RHSA-2014:1834 https://rhn.redhat.com/errata/RHSA-2014-1834.html

Comment 47 errata-xmlrpc 2014-11-10 14:28:00 EST

This issue has been addressed in the following products:

  JBEWP 5 for RHEL 6
  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 4

Via RHSA-2014:1833 https://rhn.redhat.com/errata/RHSA-2014-1833.html

Comment 50 errata-xmlrpc 2014-11-24 15:46:21 EST

This issue has been addressed in the following products:

  JBoss BPM Suite 6.0.3

Via RHSA-2014:1892 https://rhn.redhat.com/errata/RHSA-2014-1892.html

Comment 51 errata-xmlrpc 2014-11-24 15:47:29 EST

This issue has been addressed in the following products:

  JBoss BRMS 6.0.3

Via RHSA-2014:1891 https://rhn.redhat.com/errata/RHSA-2014-1891.html

Comment 52 errata-xmlrpc 2014-11-25 11:49:16 EST

This issue has been addressed in the following products:

  JBoss Operations Network 3.3.0

Via RHSA-2014:1904 https://rhn.redhat.com/errata/RHSA-2014-1904.html

Comment 53 errata-xmlrpc 2014-12-18 12:48:18 EST

This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 6.3.2

Via RHSA-2014:2020 https://rhn.redhat.com/errata/RHSA-2014-2020.html

Comment 54 errata-xmlrpc 2014-12-18 12:59:34 EST

This issue has been addressed in the following products:

  JBEAP 6.3.z for RHEL 6
  JBEAP 6.3.z for RHEL 5
  JBEAP 6.3.z for RHEL 7

Via RHSA-2014:2019 https://rhn.redhat.com/errata/RHSA-2014-2019.html

Comment 55 errata-xmlrpc 2015-02-04 12:42:36 EST

This issue has been addressed in the following products:

  JBoss Web Framework Kit 2.7.0

Via RHSA-2015:0125 https://rhn.redhat.com/errata/RHSA-2015-0125.html

Comment 56 errata-xmlrpc 2015-02-11 13:07:21 EST

This issue has been addressed in the following products:

  RHEV Manager version 3.5

Via RHSA-2015:0158 https://rhn.redhat.com/errata/RHSA-2015-0158.html

Comment 58 errata-xmlrpc 2015-02-17 17:30:01 EST

This issue has been addressed in the following products:

  Red Hat JBoss BRMS 6.0.3

Via RHSA-2015:0235 https://rhn.redhat.com/errata/RHSA-2015-0235.html

Comment 59 errata-xmlrpc 2015-02-17 17:34:25 EST

This issue has been addressed in the following products:

  Red Hat JBoss BPM Suite 6.0.3

Via RHSA-2015:0234 https://rhn.redhat.com/errata/RHSA-2015-0234.html

Comment 61 errata-xmlrpc 2015-03-11 12:54:18 EDT

This issue has been addressed in the following products:

JBoss Data Virtualization 6.1.0

Via RHSA-2015:0675 https://rhn.redhat.com/errata/RHSA-2015-0675.html

Comment 62 errata-xmlrpc 2015-03-24 17:07:28 EDT

This issue has been addressed in the following products:

  Red Hat JBoss Fuse Service Works 6.0.0

Via RHSA-2015:0720 https://rhn.redhat.com/errata/RHSA-2015-0720.html

Comment 63 errata-xmlrpc 2015-03-31 13:02:09 EDT

This issue has been addressed in the following products:

  Red Hat JBoss Data Virtualization 6.0.0

Via RHSA-2015:0765 https://rhn.redhat.com/errata/RHSA-2015-0765.html

Comment 67 errata-xmlrpc 2015-04-16 12:05:40 EDT

This issue has been addressed in the following products:

  JBoss BPM Suite 6.1.0

Via RHSA-2015:0851 https://rhn.redhat.com/errata/RHSA-2015-0851.html

Comment 68 errata-xmlrpc 2015-04-16 12:09:48 EDT

This issue has been addressed in the following products:

  JBoss BRMS 6.1.0

Via RHSA-2015:0850 https://rhn.redhat.com/errata/RHSA-2015-0850.html

Comment 69 errata-xmlrpc 2015-05-14 11:22:22 EDT

This issue has been addressed in the following products:

  JBoss Portal 6.2.0

Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html

Comment 70 errata-xmlrpc 2015-06-23 12:52:16 EDT

This issue has been addressed in the following products:

  Red Hat JBoss A-MQ 6.2.0

Via RHSA-2015:1177 https://rhn.redhat.com/errata/RHSA-2015-1177.html

Comment 71 errata-xmlrpc 2015-06-23 12:53:13 EDT

This issue has been addressed in the following products:

  Red Hat JBoss Fuse 6.2.0

Via RHSA-2015:1176 https://rhn.redhat.com/errata/RHSA-2015-1176.html

Comment 73 errata-xmlrpc 2015-10-12 11:28:51 EDT

This issue has been addressed in the following products:

Red Hat JBoss SOA Platform 5.3.1

Via RHSA-2015:1888 https://rhn.redhat.com/errata/RHSA-2015-1888.html

Comment 75 errata-xmlrpc 2016-08-24 15:41:47 EDT

This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 2.2

Via RHSA-2016:1773 https://rhn.redhat.com/errata/RHSA-2016-1773.html

Comment 77 errata-xmlrpc 2016-09-23 16:35:55 EDT

This issue has been addressed in the following products:

  Red Hat JBoss Fuse and A-MQ 6.2.1 Rollup Patch 4,

Via RHSA-2016:1931 https://rhn.redhat.com/errata/RHSA-2016-1931.html

Note You need to log in before you can comment on or make changes to this bug.

acathrow
aileenc
alazarot
aneelica
asantos
asoldano
bbaranow
bdawidow
bgollahe
bkearney
bleanhar
bmcclain
brms-jira
ccoleman
cdewolf
chazlett
chrisw
cpelland
cperry
dandread
darran.lofthouse
david
dblechte
djorm
dmcphers
drieden
epp-bugs
etirelli
fnasser
gklein
grocha
gvarsami
huwang
idith
jason.greene
java-maint
java-sig-commits
jawilson
jbpapp-maint
jclere
jcoleman
jdg-bugs
jdoyle
jerboaa
jialiu
jkeck
jokerman
jolee
jorton
jpallich
jrusnack
kanderso
katello-bugs
kconner
kejohnso
krzysztof.daniel
ldimaggi
lgao
lkocman
lmeyer
lpetrovi
lsurette
mbaluch
michal.skrivanek
mizdebsk
mjc
mmaslano
mmccomas
mmccune
msrb
mweiler
mwinkler
myarboro
nlevinki
nwallace
ohudlick
pcheung
pgier
pslavice
qe-baseos-apps
rfortier
Rhev-m-bugs
rhq-maint
rhs-bugs
rrajasek
rsvoboda
rwagner
rzhang
security-response-team
sgehwolf
sisharma
smohan
soa-p-jira
spinder
sradco
srevivo
ssaha
tcunning
thauser
theute
tjay
tkirby
ttarrant
vbellur
vhalbert
vtunka
weli
wmealing
ykaul
ylavi