paul Posted December 5, 2009 Report Share Posted December 5, 2009 A vulnerability was discovered and corrected in perl-IO-Socket-SSL: The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate (CVE-2009-3024). This update provides a fix for this vulnerability. Update: Packages were missing for 2009.0, this update addresses the problem. Link to comment Share on other sites More sharing options...
Recommended Posts