MDVSA-2009:178 -- Mandriva perl-IO-Socket-SSLID: oval:org.secpod.oval:def:300575 | Date: (C)2012-01-07 (M)2021-09-11 |
Class: PATCH | Family: unix |
A vulnerability was discovered and corrected in perl-IO-Socket-SSL: The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate . This update provides a fix for this vulnerability.
Platform: |
Mandriva Linux 2009.0 |
Product: |
perl-IO-Socket-SSL |