Updated serf packages fix CVE-2014-3504
Publication date: 26 Aug 2014Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3504
Description
Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3504).
References
SRPMS
4/core
- serf-1.3.2-2.1.mga4
3/core
- serf-1.1.1-2.1.mga3