Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot
Java Virtual Machine (JVM) with support for monitoring multiple
JVM instances.
The httpcomponents-client package provides an HTTP agent implementation
that is used by Thermostat to visualize collected data in an HTTP-aware
client application.
It was found that the fix for CVE-2012-6153 was incomplete: the code added
to check that the server hostname matches the domain name in a subject’s
Common Name (CN) field in X.509 certificates was flawed.
A man-in-the-middle attacker could use this flaw to spoof an SSL server
using a specially crafted X.509 certificate. (CVE-2014-3577)
For additional information on this flaw, refer to the Knowledgebase
article in the References section.
All thermostat1-httpcomponents-client users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | thermostat1-httpcomponents-client-javadoc | < 4.2.5-3.4.el6.1 | thermostat1-httpcomponents-client-javadoc-4.2.5-3.4.el6.1.noarch.rpm |
RedHat | 6 | noarch | thermostat1-httpcomponents-client | < 4.2.5-3.4.el6.1 | thermostat1-httpcomponents-client-4.2.5-3.4.el6.1.noarch.rpm |
RedHat | 6 | src | thermostat1-httpcomponents-client | < 4.2.5-3.4.el6.1 | thermostat1-httpcomponents-client-4.2.5-3.4.el6.1.src.rpm |