Package name: perl-IO-Socket-SSL
Date: 2009-12-05
Advisory ID: MDVSA-2009:252-1
Affected versions: 2009.0 x86_64, 2009.0 i586

Problem description

A vulnerability was discovered and corrected in perl-IO-Socket-SSL:

The verify_hostname_of_cert function in the certificate checking
feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only
matches the prefix of a hostname when no wildcard is used, which
allows remote attackers to bypass the hostname check for a certificate
(CVE-2009-3024).
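
The difference between a prefix-only comparison and a fully anchored one, as an added example (this is not the IO::Socket::SSL source; the function names and hostnames are constructed for illustration, and it assumes the certificate name is matched against the hostname the client requested):

```perl
#!/usr/bin/perl
# Added illustration of the flaw class; not code from IO::Socket::SSL.
use strict;
use warnings;

# Flawed comparison as the advisory describes it: the certificate name is
# anchored only at the start, so it only has to match a prefix of the host.
sub prefix_match {
    my ($cert_name, $host) = @_;
    return $host =~ m{\A\Q$cert_name\E}i ? 1 : 0;
}

# Corrected comparison: anchored at both ends, so the whole hostname must
# equal the certificate name (case-insensitively).
sub exact_match {
    my ($cert_name, $host) = @_;
    return $host =~ m{\A\Q$cert_name\E\z}i ? 1 : 0;
}

# Constructed cases: [ name in certificate, hostname the client asked for ]
my @cases = (
    [ 'www.example.com', 'www.example.com'      ],  # identical
    [ 'WWW.Example.COM', 'www.example.com'      ],  # differs in case only
    [ 'www.example.com', 'www.example.com.test' ],  # cert name is a prefix
    [ 'www.example',     'www.example.com'      ],  # cert name is a prefix
    [ 'www.example.com', 'mail.example.com'     ],  # unrelated host
);

printf "%-18s %-22s %-7s %s\n", 'cert name', 'requested host', 'prefix', 'exact';
for my $case (@cases) {
    my ($cert_name, $host) = @$case;
    printf "%-18s %-22s %-7s %s\n", $cert_name, $host,
        (prefix_match($cert_name, $host) ? 'accept' : 'reject'),
        (exact_match($cert_name, $host)  ? 'accept' : 'reject');
}
```

The two "cert name is a prefix" rows are the ones where the columns disagree: the prefix comparison accepts them and the anchored comparison rejects them.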

This update provides a fix for this vulnerability.

Update:

Packages were missing for 2009.0; this update addresses the problem.

Updated packages

2009.0 x86_64

 4297e01f0dc3ee3d86c95b8fe09b07f5  2009.0/x86_64/perl-IO-Socket-SSL-1.15-1.2mdv2009.0.noarch.rpm 
 ffe8c1ead458cc0c011258f57d4908bf  2009.0/SRPMS/perl-IO-Socket-SSL-1.15-1.2mdv2009.0.src.rpm

2009.0 i586

 7e37ff49f7a218b12b4635a0fb061c8e  2009.0/i586/perl-IO-Socket-SSL-1.15-1.2mdv2009.0.noarch.rpm 
 ffe8c1ead458cc0c011258f57d4908bf  2009.0/SRPMS/perl-IO-Socket-SSL-1.15-1.2mdv2009.0.src.rpm

References