Advisories ยป MGASA-2013-0277

Updated python-OpenSSL package fixes security vulnerability

Publication date: 13 Sep 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4314

Description

The string formatting of subjectAltName X509Extension instances in
pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when
encountering a null byte, possibly allowing man-in-the-middle attacks
through certificate spoofing (CVE-2013-4314).
                

References

SRPMS

3/core

2/core