Package name: perl-IO-Socket-SSL
Date: 2011-05-18
Advisory ID: MDVSA-2011:092
Affected versions: 2010.1 i586, 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in perl-IO-Socket-SSL:

IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE,
fails open to VERIFY_NONE instead of throwing an error when a
ca_file/ca_path cannot be verified, which allows remote attackers to
bypass intended certificate restrictions (CVE-2010-4334).

The updated packages have been patched to correct this issue.
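
A caller-side guard for the failure mode described above, as an added example that is not part of the advisory or of the module's own code: it refuses to build verification options unless the CA file or directory is actually usable, so a bad path stops the connection instead of weakening it. The helper name `checked_ca_args` and the sample path are hypothetical; `SSL_verify_mode`, `SSL_ca_file`, `SSL_ca_path` and `SSL_VERIFY_PEER` are the module's documented names.

```perl
#!/usr/bin/perl
# Added example: fail closed when the CA store is unusable.
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER

# Hypothetical helper: validate the CA file/directory and return options for
# IO::Socket::SSL->new(), or die. It never falls back to no verification.
sub checked_ca_args {
    my (%opt) = @_;
    my ($file, $path) = @opt{qw(ca_file ca_path)};
    die "no ca_file or ca_path configured\n"
        unless defined $file || defined $path;

    my @args = (SSL_verify_mode => SSL_VERIFY_PEER);
    if (defined $file) {
        die "ca_file '$file' is not a readable file\n"
            unless -f $file && -r _;
        open my $fh, '<', $file or die "cannot open ca_file '$file': $!\n";
        # Count PEM certificate headers; an empty or garbage file is rejected.
        my $certs = grep { /^-----BEGIN (?:TRUSTED )?CERTIFICATE-----/ } <$fh>;
        close $fh;
        die "ca_file '$file' contains no PEM certificate\n" unless $certs;
        push @args, SSL_ca_file => $file;
    }
    if (defined $path) {
        die "ca_path '$path' is not a readable directory\n"
            unless -d $path && -r _ && -x _;
        opendir my $dh, $path or die "cannot open ca_path '$path': $!\n";
        my $entries = grep { !/^\.\.?$/ } readdir $dh;
        closedir $dh;
        die "ca_path '$path' is empty\n" unless $entries;
        push @args, SSL_ca_path => $path;
    }
    return @args;
}

# Constructed demonstration: a CA file that does not exist must abort
# before any socket is created.
my @args = eval { checked_ca_args(ca_file => '/nonexistent/ca-bundle.pem') };
my $msg  = $@ ? "refused: $@" : "verification options: @args\n";
print $msg;

# With a valid store the caller would then connect and treat failure as fatal:
#   my $sock = IO::Socket::SSL->new(PeerHost => $host, PeerPort => 443, @args)
#       or die "TLS connect failed: $SSL_ERROR\n";
```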

Updated packages

2010.1 i586

 007ca8027ba70b7e4ab5da50c885be90  2010.1/i586/perl-IO-Socket-SSL-1.330.0-1.1mdv2010.2.noarch.rpm 
 9018fd9f1902f37c8ec0c25e4338bb7b  2010.1/SRPMS/perl-IO-Socket-SSL-1.330.0-1.1mdv2010.2.src.rpm

2010.1 x86_64

 f6df3259d182f82753f57c0df646627a  2010.1/x86_64/perl-IO-Socket-SSL-1.330.0-1.1mdv2010.2.noarch.rpm 
 9018fd9f1902f37c8ec0c25e4338bb7b  2010.1/SRPMS/perl-IO-Socket-SSL-1.330.0-1.1mdv2010.2.src.rpm
