Advisories » MGASA-2014-0353

Updated serf packages fix CVE-2014-3504

Publication date: 26 Aug 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-3504

Description

Updated serf packages fix a security vulnerability:

Ben Reser discovered that serf did not correctly handle SSL certificates
with NUL bytes in the CommonName or SubjectAltNames fields. A remote
attacker could exploit this to perform a man-in-the-middle attack to view
sensitive information or alter encrypted communications (CVE-2014-3504).

References

SRPMS

4/core

3/core