462614 – (CVE-2012-5662) <net-misc/suite3270-3.3.12_p12: SSL Certificate Verification Security Issue (CVE-2012-5662)

Bug 462614 (CVE-2012-5662) - <net-misc/suite3270-3.3.12_p12: SSL Certificate Verification Security Issue (CVE-2012-5662)

Summary: <net-misc/suite3270-3.3.12_p12: SSL Certificate Verification Security Issue (...

Status:	RESOLVED FIXED

Alias:	CVE-2012-5662

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://secunia.com/advisories/52650/
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2013-03-21 18:36 UTC by Agostino Sarubbo
Modified:	2013-09-11 09:55 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2013-03-21 18:36:25 UTC

From ${URL} :

Description
A security issue has been reported in x3270, which can be exploited by malicious people to conduct 
spoofing attacks.

The security issue is caused due to the application not properly verifying hostnames against the 
domain name in SSL certificates and can be exploited to e.g. spoof the server via a MitM 
(Man-in-the-Middle) attack and e.g. disclose potentially sensitive information.

The security issue is reported in versions 3.3.12 prior to 3.3.12ga12.


Solution
Update to version 3.3.12ga12.

Provided and/or discovered by
Florian Weimer, Red Hat Product Security Team.

Original Advisory
x3270:
http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/

Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=889373

Comment 1 Robin Johnson archtester

2013-03-21 19:29:37 UTC

arches, please stabilize  net-misc/suite3270-3.3.12_p12.ebuild

target keywords:
amd64 ppc s390 sparc x86

Comment 2 Sergey Popov gentoo-dev

2013-03-22 06:43:27 UTC

(In reply to comment #1)
> arches, please stabilize  net-misc/suite3270-3.3.12_p12.ebuild
> 
> target keywords:
> amd64 ppc s390 sparc x86

It seems that you forgot to add other arches except s390

Comment 3 Agostino Sarubbo gentoo-dev

2013-03-22 16:18:37 UTC

amd64 stable

Comment 4 Agostino Sarubbo gentoo-dev

2013-03-22 16:21:16 UTC

x86 stable

Comment 5 Agostino Sarubbo gentoo-dev

2013-03-22 17:27:20 UTC

ppc stable

Comment 6 Agostino Sarubbo gentoo-dev

2013-04-02 10:56:47 UTC

sparc stable

Comment 7 Agostino Sarubbo gentoo-dev

2013-04-02 13:17:53 UTC

s390 stable

Comment 8 Chris Reffett (RETIRED) gentoo-dev

2013-09-11 03:54:29 UTC

GLSA vote: no.

Comment 9 Sergey Popov gentoo-dev

2013-09-11 09:55:39 UTC

GLSA vote: no

Closing as noglsa