Bug 478836 (CVE-2013-4111) - dev-python/python-glanceclient : Module SSL Certificate Verification Security Issue (CVE-2013-4111)
Summary: dev-python/python-glanceclient : Module SSL Certificate Verification Security...
Status: RESOLVED FIXED
Alias: CVE-2013-4111
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/54313/
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-30 15:26 UTC by Agostino Sarubbo
Modified: 2013-08-31 22:41 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2013-07-30 15:26:18 UTC
From ${URL} :

Description

A security issue has been reported in Python glanceclient Module, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application not properly verifying the server SSL certificate. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) attack and e.g. disclose potentially sensitive information.

The security issue is reported in version 0.9. Other versions may also be affected.


Solution:
Fixed in the GIT repository.

Further details available to Secunia VIM customers

Provided and/or discovered by:
Thomas Leaman

Original Advisory:
Launchpad:
https://bugs.launchpad.net/ossa/+bug/1192229

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2013-08-11 01:44:28 UTC
I updated glanceclient to 0.10.0 (which includes the fix) and removed the bad versions, this bug should be closable.
Comment 2 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2013-08-11 03:54:32 UTC
I'm removing myself as I see this as closable, re-add me if you don't think so.
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-12 00:34:44 UTC
Okay then.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-08-31 22:41:38 UTC
CVE-2013-4111 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4111):
  The Python client library for Glance (python-glanceclient) before 0.10.0
  does not properly check the preverify_ok value, which prevents the server
  hostname from being verified with a domain name in the subject's Common Name
  (CN) or subjectAltName field of the X.509 certificate and allows
  man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
  certificate.
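The following is an added illustration of the bug class the CVE text describes, not python-glanceclient's own code: a pyOpenSSL-style verify callback that returns success on `preverify_ok` alone (so any CA-valid certificate passes, whatever name it carries) beside one that also matches the leaf certificate's CN or subjectAltName against the requested host. `Cert`, `host_matches_cert`, `vulnerable_callback` and `fixed_callback` are assumed names, and `Cert` is a constructed stand-in for the X.509 object OpenSSL would pass.

```python
# Added example (not from the project): model of the verify-callback defect.
from dataclasses import dataclass, field


@dataclass
class Cert:
    """Constructed stand-in for the X.509 object OpenSSL hands the callback."""
    common_name: str                              # subject CN
    san_dns: list = field(default_factory=list)   # subjectAltName dNSName entries


def host_matches_cert(host, cert):
    """RFC 6125-style name match: SAN dNSNames take precedence over the CN,
    and a wildcard may replace only the left-most label."""
    host = host.lower().rstrip(".")
    for name in (cert.san_dns or [cert.common_name]):
        name = name.lower()
        if name == host:
            return True
        # "*.example.com" matches "api.example.com" but not "a.b.example.com"
        if name.startswith("*.") and host.count(".") >= 2:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


def vulnerable_callback(host, cert, depth, preverify_ok):
    """Bug class from the advisory: OpenSSL's chain result is treated as the
    whole answer, so a valid certificate issued for an unrelated name is
    accepted as the server certificate for `host`."""
    return bool(preverify_ok)


def fixed_callback(host, cert, depth, preverify_ok):
    """Chain failure is fatal at every depth; intermediates need nothing
    more, but the leaf (depth 0) must additionally name `host`."""
    if not preverify_ok:
        return False
    if depth != 0:
        return True
    return host_matches_cert(host, cert)
```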