Nome do pacote
perl-IO-Socket-SSL
Data
2009-09-30
ID Alerta
MDVSA-2009:252
Versões afetadas
2009.0 x86_64 , 2009.0 i586 , MES5 i586 , MES5 x86_64

Descrição do problema

A vulnerability was discovered and corrected in perl-IO-Socket-SSL:

The verify_hostname_of_cert function in the certificate checking
feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only
matches the prefix of a hostname when no wildcard is used, which
allows remote attackers to bypass the hostname check for a certificate
(CVE-2009-3024).

This update provides a fix for this vulnerability.

Pacotes atualizados

2009.0 x86_64

 4b2b70c98ccf0372ddac26ab9ee7cf00  2009.0/x86_64/perl-IO-Socket-SSL-1.15-1.1mdv2009.0.noarch.rpm

2009.0 i586

 105f213eb1d2351b25922ee75ab2d0f4  2009.0/i586/perl-IO-Socket-SSL-1.15-1.1mdv2009.0.noarch.rpm

MES5 i586

 a0bbb57dfcffbc6707eda691eeb3a3e5  mes5/i586/perl-IO-Socket-SSL-1.15-1.1mdvmes5.noarch.rpm 
 4661a26b8c88cd183ebada5fb4155b98  mes5/SRPMS/perl-IO-Socket-SSL-1.15-1.1mdvmes5.src.rpm

MES5 x86_64

 44c13cc673984ccf919dd512613bffd3  mes5/x86_64/perl-IO-Socket-SSL-1.15-1.1mdvmes5.noarch.rpm 
 4661a26b8c88cd183ebada5fb4155b98  mes5/SRPMS/perl-IO-Socket-SSL-1.15-1.1mdvmes5.src.rpm

Referências