Advisories » MGASA-2014-0551

Updated not-yet-commons-ssl packages fix CVE-2014-3604

Publication date: 26 Dec 2014
Modification date: 26 Dec 2014
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-3604

Description

Updated not-yet-commons-ssl packages fix a security vulnerability:

It was discovered that the implementation used by the Not Yet Commons SSL
project to check that the server hostname matches the domain name in the
subject's CN field was flawed. This can be exploited by a man-in-the-middle
(MITM) attack, where the attacker can spoof a valid certificate using a
specially crafted subject (CVE-2014-3604).
                

References

SRPMS

4/core