| Summary: | <dev-python/python-swiftclient-{2.0.3,2.1.0}: SSL Certificate Verification Security Issue[OSSA 2014-005] (CVE-2013-6396) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/55762/ | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-11-15 20:11:40 UTC
This has been assigned CVE-2013-6396 as per https://bugzilla.redhat.com/show_bug.cgi?id=1031652

partially fixed (in 2.0.2), unfortunately it looks like they will not backport... https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21

fixed (bad versions removed from tree), kthnxbai

Thank you for your work! Closing - noglsa

CVE-2013-6396 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6396): The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.