Gentoo Linux Security Advisory 201101-6 - An error in the hostname matching of IO::Socket::SSL might enable remote attackers to conduct man-in-the-middle attacks. The vendor reported that IO::Socket::SSL does not properly handle Common Name (CN) fields. Versions less than 1.26 are affected.
Mandriva Linux Security Advisory 2009-252 - The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate. This update provides a fix for this vulnerability. Packages were missing for 2009.0; this update addresses the problem.
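The prefix-matching flaw described in the advisory above, modelled as an added Perl example that is not IO::Socket::SSL's own code: `prefix_match` and `strict_match` are hypothetical functions, and every certificate name and host below is a constructed sample value. The strict variant uses a simplified policy (whole-name comparison, wildcard only as the entire leftmost label).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Corrected check: the whole name must match, case-insensitively.
# A wildcard is honoured only as the complete leftmost label and
# stands for exactly one label of the requested host.
sub strict_match {
    my ($cert_name, $host) = @_;
    my ($c, $h) = (lc $cert_name, lc $host);
    return 1 if $c eq $h;
    if ($c =~ /^\*\.(.+\..+)\z/) {          # "*.example.org", not "*.org"
        my $suffix = $1;
        return $h =~ /^[^.]+\.\Q$suffix\E\z/ ? 1 : 0;
    }
    return 0;
}

# Hypothetical model of the flaw: with no wildcard in the certificate
# name, the name only has to match the START of the requested host.
sub prefix_match {
    my ($cert_name, $host) = @_;
    return strict_match($cert_name, $host) if $cert_name =~ /\*/;
    return $host =~ /^\Q$cert_name\E/i ? 1 : 0;   # no end anchor
}

# [certificate name, requested host, correct result]  (constructed)
my @cases = (
    ['www.exam',        'www.example.org',            0],
    ['www.example.org', 'www.example.org.other.test', 0],
    ['www.example.org', 'www.example.org',            1],
    ['www.example.org', 'WWW.Example.ORG',            1],
    ['*.example.org',   'www.example.org',            1],
    ['*.example.org',   'a.b.example.org',            0],
);

for my $case (@cases) {
    my ($name, $host, $want) = @$case;
    my $flawed = prefix_match($name, $host);
    my $fixed  = strict_match($name, $host);
    printf "%-16s %-27s prefix=%d strict=%d expected=%d%s\n",
        $name, $host, $flawed, $fixed, $want,
        $flawed != $want ? '  <-- wrongly accepted' : '';
}
```

The first two rows are the ones the prefix comparison accepts and the whole-name comparison rejects, which is the check to regress-test after upgrading to a fixed version.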