|
|
Subscribe / Log in / New account

python: man in the middle attack

Package(s):python CVE #(s):CVE-2013-4238
Created:August 26, 2013 Updated:December 4, 2013
Description: From the CVE entry:

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Alerts:
Fedora FEDORA-2014-14257 python3 2014-11-13
openSUSE openSUSE-SU-2014:0498-1 python3 2014-04-09
Debian DSA-2880-1 python2.7 2014-03-17
openSUSE openSUSE-SU-2014:0380-1 python 2014-03-15
Scientific Linux SLSA-2013:1582-2 python 2013-12-03
Oracle ELSA-2013-1582 python 2013-11-27
Red Hat RHSA-2013:1582-02 python 2013-11-21
Ubuntu USN-1985-1 python3.3 2013-10-01
Ubuntu USN-1984-1 python3.2 2013-10-01
Ubuntu USN-1983-1 python2.7 2013-10-01
Ubuntu USN-1982-1 python2.6 2013-10-01
Mageia MGASA-2013-0252 python3 2013-08-22
Mageia MGASA-2013-0250 python 2013-08-17
Mandriva MDVSA-2013:214 python 2013-08-21
Fedora FEDORA-2013-15146 python 2013-08-24
openSUSE openSUSE-SU-2013:1462-1 python3 2013-09-18
openSUSE openSUSE-SU-2013:1463-1 python 2013-09-18
openSUSE openSUSE-SU-2013:1437-1 python3 2013-09-13
openSUSE openSUSE-SU-2013:1440-1 python 2013-09-13
Fedora FEDORA-2013-15254 python3 2013-08-27
openSUSE openSUSE-SU-2013:1438-1 python 2013-09-13
openSUSE openSUSE-SU-2013:1439-1 python3 2013-09-13
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds