Advisories » MGASA-2015-0050

Updated hexchat packages fix security vulnerability

Publication date: 05 Feb 2015
Modification date: 05 Feb 2015
Type: security
Affected Mageia releases : 4

Description

HexChat did not verify that the server hostname matched the domain name in 
the subject's Common Name (CN) or subjectAltName field in X.509 
certificates. This could allow a man-in-the-middle attacker to spoof an 
SSL server if they had a certificate that was valid for any domain name.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15158
• http://openwall.com/lists/oss-security/2015/01/29/23
• https://github.com/hexchat/hexchat/issues/524

SRPMS

4/core

• hexchat-2.9.6.1-3.1.mga4