| Summary: | <dev-python/pyopenssl-0.13.1: hostname check bypassing vulnerability (CVE-2013-4314) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | python |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1005325 | | |
| Whiteboard: | B3 [glsa?] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-09-06 18:45:32 UTC
CVE-2013-4314 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4314): The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Arches, please stabilize.

amd64 stable

x86 stable

Arch teams, please test and mark stable:
=dev-python/pyopenssl-0.13.1
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

ia64 stable

alpha stable

ppc stable

arm stable

ppc64 stable

sparc stable

GLSA vote: no

GLSA vote: no.
Closing noglsa.
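
The NUL-byte problem named in the CVE description above, shown as an added example that is not part of this bug report and is not pyOpenSSL's code. It compares a name check that loses everything after a '\0' with one that keeps the full value and fails closed. The truncation model, the function names, and the sample hostnames are assumptions made for illustration.

```python
import re

# Constructed sample: raw dNSName bytes as they could appear in a
# subjectAltName extension. The names are placeholders, not from the report.
SAN_CLEAN = [b"www.example.com", b"*.example.org"]
SAN_WITH_NUL = [b"www.example.com\x00.untrusted.test"]

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(rb"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def naive_names(raw_names):
    """Model of the flaw (assumed mechanism): each value is handled like a
    C string, so everything after the first NUL byte is silently dropped."""
    return [n.split(b"\x00", 1)[0].decode("ascii").lower() for n in raw_names]


def strict_names(raw_names):
    """Keep the full byte string and reject anything that is not DNS syntax."""
    out = []
    for n in raw_names:
        if b"\x00" in n:
            raise ValueError("NUL byte in dNSName: %r" % n)
        labels = n.split(b".")
        if labels[0] == b"*":  # allow a single leftmost wildcard label
            labels = labels[1:]
        if not labels or not all(_LABEL.fullmatch(l) for l in labels):
            raise ValueError("malformed dNSName: %r" % n)
        out.append(n.decode("ascii").lower())
    return out


def matches(hostname, names):
    """Exact match, or a leftmost '*' wildcard covering exactly one label."""
    host = hostname.lower().rstrip(".")
    for name in names:
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def verify_hostname(hostname, raw_names):
    """Hardened check: a malformed SAN entry makes verification fail closed."""
    try:
        return matches(hostname, strict_names(raw_names))
    except ValueError:
        return False
```

With the constructed input, the naive path reports a match for `www.example.com` while `verify_hostname` rejects the same certificate names.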