Skip to navigation

Security Advisory Moderate: axis security update

Advisory: RHSA-2013:0683-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-03-25
Last updated on: 2013-03-25
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.9.z server)
Red Hat Enterprise Linux Long Life (v. 5.9 server)
CVEs (cve.mitre.org): CVE-2012-5784

Details

Updated axis packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Apache Axis is an implementation of SOAP (Simple Object Access Protocol).
It can be used to build both web service clients and servers.

Apache Axis did not verify that the server hostname matched the domain name
in the subject's Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an SSL
server if they had a certificate that was valid for any domain name.
(CVE-2012-5784)

All users of axis are advised to upgrade to these updated packages, which
correct this issue. Applications using Apache Axis must be restarted for
this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
axis-1.2.1-2jpp.7.el5_9.src.rpm     MD5: 5c0c25146d4b16a2db0105def4a358c7
SHA-256: 6278d6fbb72f9bbb32a1fb2f8d7891160c0c102734c65a1416c0f1031380be50
 
IA-32:
axis-debuginfo-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: a030a95aeddab00530a4a83357075995
SHA-256: f94f323726f5178df3da1cefe1946616d8039352eea854f0e9fcb7c44577b50b
axis-javadoc-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 6ca9599d4bbdd75fd058c798cc988dca
SHA-256: 26287d4463b900d2717ace8a0f2807b59a3bb0feeb37de79ce8a5bfc8074566b
axis-manual-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 6918111b26b91a28307e758ffc1951fb
SHA-256: 034e7cdd936b08474a29d4f3d86afbeb5fa28fa2f24780663d9d764f64d682bd
 
x86_64:
axis-debuginfo-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 506b14458d8755f55576f63b30f604ff
SHA-256: e662ec997d857800eb4d542fdef11ede14acf506d3a66e6ca4c9bc45d6f626e3
axis-javadoc-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 88e65874e0ff8f4b0be5402a40450fbf
SHA-256: 54f8cc33988accf7a78d8a404fbe8c87139cb5f29147916db4de4bfd06fd134e
axis-manual-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 49f76be8229ad91dabd3e6f547c95607
SHA-256: 58abd320ab6c86ced1ecb591c649481bb0ca56150514535f396f9068f3c6d3b2
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
axis-1.2.1-2jpp.7.el5_9.src.rpm     MD5: 5c0c25146d4b16a2db0105def4a358c7
SHA-256: 6278d6fbb72f9bbb32a1fb2f8d7891160c0c102734c65a1416c0f1031380be50
 
IA-32:
axis-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 5705b25f1fbbda2b4109cd7287858da8
SHA-256: ba766f39c238ef4b36fe64296ecb1ac2a30b145b1d4af8ea2a79f9fe026a3f31
axis-debuginfo-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: a030a95aeddab00530a4a83357075995
SHA-256: f94f323726f5178df3da1cefe1946616d8039352eea854f0e9fcb7c44577b50b
axis-javadoc-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 6ca9599d4bbdd75fd058c798cc988dca
SHA-256: 26287d4463b900d2717ace8a0f2807b59a3bb0feeb37de79ce8a5bfc8074566b
axis-manual-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 6918111b26b91a28307e758ffc1951fb
SHA-256: 034e7cdd936b08474a29d4f3d86afbeb5fa28fa2f24780663d9d764f64d682bd
 
IA-64:
axis-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: 1b0970ed746d827e1ed3311b499fbdc0
SHA-256: b292dde593c08cf5f88b492b9554e4f9fa62e57ad882aaf3ea0064989928164e
axis-debuginfo-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: c39024af6c8c72719727089fca9a1acd
SHA-256: ecbb182780fd4011d5ae11480f812f93ef2b5637721dea0cf3584deaa08058af
axis-javadoc-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: fbd51829d4c8574365412cdc9ca7b684
SHA-256: 7535ab55857da0d8af9f4c27d43d083dd7cc5a9433e074d63a6d350eb558cf39
axis-manual-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: 57f4a34b71169189b56dd8911d316917
SHA-256: 68853648cf48dafa8643b9ffa07c36e5e28b91ea95384f03f137e0c5e5cc5a6a
 
PPC:
axis-1.2.1-2jpp.7.el5_9.ppc.rpm     MD5: 628bf22503fbaaed9002ee0ba3c2c059
SHA-256: 1a6732f1bf5b6fef1aa41c9b57b7bc6904f5e2581a28f7ba82965952ed7b015f
axis-debuginfo-1.2.1-2jpp.7.el5_9.ppc.rpm     MD5: a4ce8e9610a67dfd88eb445a15929166
SHA-256: 11260b79b9c96d5cb2f4b8394772d23fb07773d20e3a6593fb6a436a143b4c19
axis-javadoc-1.2.1-2jpp.7.el5_9.ppc.rpm     MD5: c53ae68690322204745792b95535d49a
SHA-256: da6e15868eb221edd92214da06c57100bf55e9a8eea7f0f9169c3c772817c34b
axis-manual-1.2.1-2jpp.7.el5_9.ppc.rpm     MD5: df8258bb58efc4c4ae8401f045111737
SHA-256: c8168d2697ab9bf60e6a57c23b9b6cf43db5d59162509deed6bef5619ea9efef
 
s390x:
axis-1.2.1-2jpp.7.el5_9.s390x.rpm     MD5: 91ac45cc38f24efeaeb2f760c8168305
SHA-256: f1fb5fe636dfdae2778c68b67f731a1d3406368503eba29218c484eb29a358ac
axis-debuginfo-1.2.1-2jpp.7.el5_9.s390x.rpm     MD5: 5ce5950ef608f39dac160753223877c9
SHA-256: 47e8d875d46f276e39e58627d26a13f31d2529e7e86ccc0eab18e4e1aeaf0e15
axis-javadoc-1.2.1-2jpp.7.el5_9.s390x.rpm     MD5: 79c1ea345342f090884f7acb7209961c
SHA-256: 275566e8983651a0e72a1d2e570daa42ac1212957fa12c10205a2e388aa4e3df
axis-manual-1.2.1-2jpp.7.el5_9.s390x.rpm     MD5: 6dc8cba42ed7f2614a729b79da828695
SHA-256: 8fbe3fb000a7694892201d65499736599a74b91c26dd58aa13d946a13fbcee39
 
x86_64:
axis-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: c09f8319326ec7a8edf9e688419efb9b
SHA-256: e436edbabaff041bd7154d710c36d7471f91c5a1834394768a835137f8691208
axis-debuginfo-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 506b14458d8755f55576f63b30f604ff
SHA-256: e662ec997d857800eb4d542fdef11ede14acf506d3a66e6ca4c9bc45d6f626e3
axis-javadoc-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 88e65874e0ff8f4b0be5402a40450fbf
SHA-256: 54f8cc33988accf7a78d8a404fbe8c87139cb5f29147916db4de4bfd06fd134e
axis-manual-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 49f76be8229ad91dabd3e6f547c95607
SHA-256: 58abd320ab6c86ced1ecb591c649481bb0ca56150514535f396f9068f3c6d3b2
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
axis-1.2.1-2jpp.7.el5_9.src.rpm     MD5: 5c0c25146d4b16a2db0105def4a358c7
SHA-256: 6278d6fbb72f9bbb32a1fb2f8d7891160c0c102734c65a1416c0f1031380be50
 
IA-32:
axis-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 5705b25f1fbbda2b4109cd7287858da8
SHA-256: ba766f39c238ef4b36fe64296ecb1ac2a30b145b1d4af8ea2a79f9fe026a3f31
axis-debuginfo-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: a030a95aeddab00530a4a83357075995
SHA-256: f94f323726f5178df3da1cefe1946616d8039352eea854f0e9fcb7c44577b50b
 
x86_64:
axis-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: c09f8319326ec7a8edf9e688419efb9b
SHA-256: e436edbabaff041bd7154d710c36d7471f91c5a1834394768a835137f8691208
axis-debuginfo-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 506b14458d8755f55576f63b30f604ff
SHA-256: e662ec997d857800eb4d542fdef11ede14acf506d3a66e6ca4c9bc45d6f626e3
 
Red Hat Enterprise Linux EUS (v. 5.9.z server)

SRPMS:
axis-1.2.1-2jpp.7.el5_9.src.rpm     MD5: 5c0c25146d4b16a2db0105def4a358c7
SHA-256: 6278d6fbb72f9bbb32a1fb2f8d7891160c0c102734c65a1416c0f1031380be50
 
IA-32:
axis-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 5705b25f1fbbda2b4109cd7287858da8
SHA-256: ba766f39c238ef4b36fe64296ecb1ac2a30b145b1d4af8ea2a79f9fe026a3f31
axis-debuginfo-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: a030a95aeddab00530a4a83357075995
SHA-256: f94f323726f5178df3da1cefe1946616d8039352eea854f0e9fcb7c44577b50b
axis-javadoc-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 6ca9599d4bbdd75fd058c798cc988dca
SHA-256: 26287d4463b900d2717ace8a0f2807b59a3bb0feeb37de79ce8a5bfc8074566b
axis-manual-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 6918111b26b91a28307e758ffc1951fb
SHA-256: 034e7cdd936b08474a29d4f3d86afbeb5fa28fa2f24780663d9d764f64d682bd
 
IA-64:
axis-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: 1b0970ed746d827e1ed3311b499fbdc0
SHA-256: b292dde593c08cf5f88b492b9554e4f9fa62e57ad882aaf3ea0064989928164e
axis-debuginfo-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: c39024af6c8c72719727089fca9a1acd
SHA-256: ecbb182780fd4011d5ae11480f812f93ef2b5637721dea0cf3584deaa08058af
axis-javadoc-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: fbd51829d4c8574365412cdc9ca7b684
SHA-256: 7535ab55857da0d8af9f4c27d43d083dd7cc5a9433e074d63a6d350eb558cf39
axis-manual-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: 57f4a34b71169189b56dd8911d316917
SHA-256: 68853648cf48dafa8643b9ffa07c36e5e28b91ea95384f03f137e0c5e5cc5a6a
 
PPC:
axis-1.2.1-2jpp.7.el5_9.ppc.rpm     MD5: 628bf22503fbaaed9002ee0ba3c2c059
SHA-256: 1a6732f1bf5b6fef1aa41c9b57b7bc6904f5e2581a28f7ba82965952ed7b015f
axis-debuginfo-1.2.1-2jpp.7.el5_9.ppc.rpm     MD5: a4ce8e9610a67dfd88eb445a15929166
SHA-256: 11260b79b9c96d5cb2f4b8394772d23fb07773d20e3a6593fb6a436a143b4c19
axis-javadoc-1.2.1-2jpp.7.el5_9.ppc.rpm     MD5: c53ae68690322204745792b95535d49a
SHA-256: da6e15868eb221edd92214da06c57100bf55e9a8eea7f0f9169c3c772817c34b
axis-manual-1.2.1-2jpp.7.el5_9.ppc.rpm     MD5: df8258bb58efc4c4ae8401f045111737
SHA-256: c8168d2697ab9bf60e6a57c23b9b6cf43db5d59162509deed6bef5619ea9efef
 
s390x:
axis-1.2.1-2jpp.7.el5_9.s390x.rpm     MD5: 91ac45cc38f24efeaeb2f760c8168305
SHA-256: f1fb5fe636dfdae2778c68b67f731a1d3406368503eba29218c484eb29a358ac
axis-debuginfo-1.2.1-2jpp.7.el5_9.s390x.rpm     MD5: 5ce5950ef608f39dac160753223877c9
SHA-256: 47e8d875d46f276e39e58627d26a13f31d2529e7e86ccc0eab18e4e1aeaf0e15
axis-javadoc-1.2.1-2jpp.7.el5_9.s390x.rpm     MD5: 79c1ea345342f090884f7acb7209961c
SHA-256: 275566e8983651a0e72a1d2e570daa42ac1212957fa12c10205a2e388aa4e3df
axis-manual-1.2.1-2jpp.7.el5_9.s390x.rpm     MD5: 6dc8cba42ed7f2614a729b79da828695
SHA-256: 8fbe3fb000a7694892201d65499736599a74b91c26dd58aa13d946a13fbcee39
 
x86_64:
axis-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: c09f8319326ec7a8edf9e688419efb9b
SHA-256: e436edbabaff041bd7154d710c36d7471f91c5a1834394768a835137f8691208
axis-debuginfo-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 506b14458d8755f55576f63b30f604ff
SHA-256: e662ec997d857800eb4d542fdef11ede14acf506d3a66e6ca4c9bc45d6f626e3
axis-javadoc-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 88e65874e0ff8f4b0be5402a40450fbf
SHA-256: 54f8cc33988accf7a78d8a404fbe8c87139cb5f29147916db4de4bfd06fd134e
axis-manual-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 49f76be8229ad91dabd3e6f547c95607
SHA-256: 58abd320ab6c86ced1ecb591c649481bb0ca56150514535f396f9068f3c6d3b2
 
Red Hat Enterprise Linux Long Life (v. 5.9 server)

SRPMS:
axis-1.2.1-2jpp.7.el5_9.src.rpm     MD5: 5c0c25146d4b16a2db0105def4a358c7
SHA-256: 6278d6fbb72f9bbb32a1fb2f8d7891160c0c102734c65a1416c0f1031380be50
 
IA-32:
axis-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 5705b25f1fbbda2b4109cd7287858da8
SHA-256: ba766f39c238ef4b36fe64296ecb1ac2a30b145b1d4af8ea2a79f9fe026a3f31
axis-debuginfo-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: a030a95aeddab00530a4a83357075995
SHA-256: f94f323726f5178df3da1cefe1946616d8039352eea854f0e9fcb7c44577b50b
axis-javadoc-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 6ca9599d4bbdd75fd058c798cc988dca
SHA-256: 26287d4463b900d2717ace8a0f2807b59a3bb0feeb37de79ce8a5bfc8074566b
axis-manual-1.2.1-2jpp.7.el5_9.i386.rpm     MD5: 6918111b26b91a28307e758ffc1951fb
SHA-256: 034e7cdd936b08474a29d4f3d86afbeb5fa28fa2f24780663d9d764f64d682bd
 
IA-64:
axis-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: 1b0970ed746d827e1ed3311b499fbdc0
SHA-256: b292dde593c08cf5f88b492b9554e4f9fa62e57ad882aaf3ea0064989928164e
axis-debuginfo-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: c39024af6c8c72719727089fca9a1acd
SHA-256: ecbb182780fd4011d5ae11480f812f93ef2b5637721dea0cf3584deaa08058af
axis-javadoc-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: fbd51829d4c8574365412cdc9ca7b684
SHA-256: 7535ab55857da0d8af9f4c27d43d083dd7cc5a9433e074d63a6d350eb558cf39
axis-manual-1.2.1-2jpp.7.el5_9.ia64.rpm     MD5: 57f4a34b71169189b56dd8911d316917
SHA-256: 68853648cf48dafa8643b9ffa07c36e5e28b91ea95384f03f137e0c5e5cc5a6a
 
x86_64:
axis-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: c09f8319326ec7a8edf9e688419efb9b
SHA-256: e436edbabaff041bd7154d710c36d7471f91c5a1834394768a835137f8691208
axis-debuginfo-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 506b14458d8755f55576f63b30f604ff
SHA-256: e662ec997d857800eb4d542fdef11ede14acf506d3a66e6ca4c9bc45d6f626e3
axis-javadoc-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 88e65874e0ff8f4b0be5402a40450fbf
SHA-256: 54f8cc33988accf7a78d8a404fbe8c87139cb5f29147916db4de4bfd06fd134e
axis-manual-1.2.1-2jpp.7.el5_9.x86_64.rpm     MD5: 49f76be8229ad91dabd3e6f547c95607
SHA-256: 58abd320ab6c86ced1ecb591c649481bb0ca56150514535f396f9068f3c6d3b2
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

873252 - CVE-2012-5784 axis: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/