Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 11: FEDORA-2009-7435 Moderate: perl-IO-Socket-SSL Hostname Fix

fedora
Calendar Grey July 19, 2009
Dist Fedora Esm H88
Enhances hostname prefix validation in SSL certificates for the Fedora 11 perl-IO-Socket-SSL package upgrade.

This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example www.example.org would match a certi...

Summary

This module is a true drop-in replacement for IO::Socket::INET that

uses SSL to encrypt data before it is transferred to a remote server

or client. IO::Socket::SSL supports all the extra features that one

needs to write a full-featured SSL client or server application:

multiple SSL contexts, cipher selection, certificate verification, and

SSL version selection. As an extra bonus, it works perfectly with

mod_perl.

Update Information:

This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example ple.org would match a certificate starting with ple.org

Topics%20covered

Topics Covered

security advisory security issue Fedora moderate severity perl library certificate check SSL fix

Change Log

* Sat Jul 4 2009 Paul Howarth <paul@city-fan.org> - 1.26-1 - Update to 1.26 (verify_hostname_of_cert matched only the prefix for the hostname when no wildcard was given, e.g. ple.org matched against a certificate with name ple.com in it) * Fri Jul 3 2009 Paul Howarth <paul@city-fan.org> - 1.25-1 - Update to 1.25 (fix t/nonblock.t for OS X 10.5 - CPAN RT#47240)

References


[ 1 ] Bug #509819 - perl-IO-Socket-SSL: incorrect checking of certificate hostnames https://bugzilla.redhat.com/show_bug.cgi?id=509819

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update perl-IO-Socket-SSL' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: perl-IO-Socket-SSL
Product: Fedora 11
Version: 1.26
Release: 1.fc11
URL: https://metacpan.org/dist/IO-Socket-SSL
Summary: Perl library for transparent SSL

Topics%20covered

Topics Covered

security advisory security issue Fedora moderate severity perl library certificate check SSL fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here