Advisories ยป MGASA-2014-0551

Updated not-yet-commons-ssl packages fix CVE-2014-3604

Publication date: 26 Dec 2014
Modification date: 26 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3604


Updated not-yet-commons-ssl packages fixes security vulnerability:

It was discovered that the implementation used by the Not Yet Commons SSL
project to check that the server hostname matches the domain name in the
subject's CN field was flawed. This can be exploited by a Man-in-the-middle
(MITM) attack, where the attacker can spoof a valid certificate using a
specially crafted subject (CVE-2014-3604).