Updated perl-LWP-Protocol-https package fixes CVE-2014-3230
Publication date: 06 Jun 2014Modification date: 06 Jun 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3230
Description
Updated perl-LWP-Protocol-https package fixes security vulnerability: It was reported that libwww-perl (LWP), when using IO::Socket::SSL (the default) and when the HTTPS_CA_DIR or HTTPS_CA_FILE environment variables were set, would disable server certificate verification, when the intent was to only disable hostname verification (CVE-2014-3230).
References
SRPMS
4/core
- perl-LWP-Protocol-https-6.40.0-2.1.mga4