Paketname
python-OpenSSL
Datum
2013-09-13
Advisory ID
MDVSA-2013:233
Betroffene Versionen
MBS1 x86_64

Problembeschreibung

A vulnerability has been discovered and corrected in python-OpenSSL:

The string formatting of subjectAltName X509Extension instances in
pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when
encountering a null byte, possibly allowing man-in-the-middle attacks
through certificate spoofing (CVE-2013-4314).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

MBS1 x86_64

 9c1a53018f31b26cee286d9c05e06e6c  mbs1/x86_64/python-OpenSSL-0.12-2.1.mbs1.x86_64.rpm 
 f6b4dc37dde9cc96018b1f98a9f4df93  mbs1/SRPMS/python-OpenSSL-0.12-2.1.mbs1.src.rpm

Referenzen