ALAS-2014-412


Amazon Linux AMI Security Advisory: ALAS-2014-412
Advisory Release Date: 2014-09-19 12:09 Pacific
Severity: Important

Issue Overview:

It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596 )


Affected Packages:

axis


Issue Correction:
Run yum update axis to update your system.

New Packages:
noarch:
    axis-1.2.1-7.5.14.amzn1.noarch
    axis-javadoc-1.2.1-7.5.14.amzn1.noarch
    axis-manual-1.2.1-7.5.14.amzn1.noarch

src:
    axis-1.2.1-7.5.14.amzn1.src