CVE-2013-4314

Related Files

Debian Security Advisory 2763-1

Posted Sep 24, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2763-1 - It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.

tags | advisory, python

systems | linux, debian

advisories | CVE-2013-4314

SHA-256 | 49f7af93886cb2e4925c18af4a4080e0c1640e728c84299dcb893d6514dbfc87

Download | Favorite | View

Ubuntu Security Notice USN-1965-1

Posted Sep 23, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1965-1 - It was discovered that pyOpenSSL did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2013-4314

SHA-256 | 9a62177c15f37e7c4836b84c5bef097ee6d8aade227639bbf1331a5b2718f5f8

Download | Favorite | View

Mandriva Linux Security Advisory 2013-233

Posted Sep 13, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-233 - The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing. The updated packages have been patched to correct this issue.

tags | advisory, spoof

systems | linux, mandriva

advisories | CVE-2013-4314

SHA-256 | a43120d106d63684cf3f88a50e2e526955d2903de89c95489a0ab2bb2069c224

Download | Favorite | View