Synopsis:          Important: axis security update
Advisory ID:       SLSA-2014:1193-1
Issue Date:        2014-09-15
CVE Numbers:       CVE-2014-3596
--

It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)

Applications using Apache Axis must be restarted for this update to take
effect.
--

SL5
  x86_64
    axis-1.2.1-2jpp.8.el5_10.x86_64.rpm
    axis-debuginfo-1.2.1-2jpp.8.el5_10.x86_64.rpm
    axis-javadoc-1.2.1-2jpp.8.el5_10.x86_64.rpm
    axis-manual-1.2.1-2jpp.8.el5_10.x86_64.rpm
  i386
    axis-1.2.1-2jpp.8.el5_10.i386.rpm
    axis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm
    axis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm
    axis-manual-1.2.1-2jpp.8.el5_10.i386.rpm
SL6
  noarch
    axis-1.2.1-7.5.el6_5.noarch.rpm
    axis-javadoc-1.2.1-7.5.el6_5.noarch.rpm
    axis-manual-1.2.1-7.5.el6_5.noarch.rpm

- Scientific Linux Development Team