Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora: 2009:7544 Moderate: perl-IO-Socket-SSL Hostname Check Issue

fedora
Calendar Grey July 19, 2009
Dist Fedora Esm H88
Upgrade of perl-IO-Socket-SSL in Fedora 10 addresses hostname validation and resolves SSL encryption vulnerabilities.

This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example www.example.org would match a certi...

Summary

This module is a true drop-in replacement for IO::Socket::INET that

uses SSL to encrypt data before it is transferred to a remote server

or client. IO::Socket::SSL supports all the extra features that one

needs to write a full-featured SSL client or server application:

multiple SSL contexts, cipher selection, certificate verification, and

SSL version selection. As an extra bonus, it works perfectly with

mod_perl.

Update Information:

This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example ple.org would match a certificate starting with ple.org

Topics%20covered

Topics Covered

security advisory moderate Fedora perl-IO-Socket-SSL hostname check SSL encryption

Change Log

* Sat Jul 4 2009 Paul Howarth <paul@city-fan.org> - 1.26-1 - Update to 1.26 (verify_hostname_of_cert matched only the prefix for the hostname when no wildcard was given, e.g. ple.org matched against a certificate with name ple.com in it) * Fri Jul 3 2009 Paul Howarth <paul@city-fan.org> - 1.25-1 - Update to 1.25 (fix t/nonblock.t for OS X 10.5 - CPAN RT#47240) * Thu Apr 2 2009 Paul Howarth <paul@city-fan.org> - 1.24-1 - Update to 1.24 (add verify hostname scheme ftp, same as http) * Wed Feb 25 2009 Paul Howarth <paul@city-fan.org> - 1.23-1 - Update to 1.23 (complain when no certificates are provided) * Sat Jan 24 2009 Paul Howarth <paul@city-fan.org> - 1.22-1 - Update to latest upstream version: 1.22 * Thu Jan 22 2009 Paul Howarth <paul@city-fan.org> - 1.20-1 - Update to latest upstream version: 1.20 * Tue Nov 18 2008 Paul Howarth <paul@city-fan.org> - 1.18-1 - Update to latest upstream version: 1.18 - BR: perl(IO::Socket::INET6) for extra test coverage

References


[ 1 ] Bug #509819 - perl-IO-Socket-SSL: incorrect checking of certificate hostnames https://bugzilla.redhat.com/show_bug.cgi?id=509819

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update perl-IO-Socket-SSL' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: perl-IO-Socket-SSL
Product: Fedora 10
Version: 1.26
Release: 1.fc10
URL: https://metacpan.org/dist/IO-Socket-SSL
Summary: Perl library for transparent SSL

Topics%20covered

Topics Covered

security advisory moderate Fedora perl-IO-Socket-SSL hostname check SSL encryption

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here