Nome do pacote
python-OpenSSL
Data
2013-09-13
ID Alerta
MDVSA-2013:233
Versões afetadas
MBS1 x86_64

Descrição do problema

A vulnerability has been discovered and corrected in python-OpenSSL:

The string formatting of subjectAltName X509Extension instances in
pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when
encountering a null byte, possibly allowing man-in-the-middle attacks
through certificate spoofing (CVE-2013-4314).

The updated packages have been patched to correct this issue.

Pacotes atualizados

MBS1 x86_64

 9c1a53018f31b26cee286d9c05e06e6c  mbs1/x86_64/python-OpenSSL-0.12-2.1.mbs1.x86_64.rpm 
 f6b4dc37dde9cc96018b1f98a9f4df93  mbs1/SRPMS/python-OpenSSL-0.12-2.1.mbs1.src.rpm

Referências