Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141)

high Nessus Plugin ID 82394

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated not-yet-commons-ssl packages fix a security vulnerability:

It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited in a man-in-the-middle (MITM) attack, where the attacker can spoof a valid certificate using a specially crafted subject (CVE-2014-3604).

Solution

Update the affected not-yet-commons-ssl and/or not-yet-commons-ssl-javadoc packages.

See Also

http://advisories.mageia.org/MGASA-2014-0551.html

Plugin Details

Severity: High

ID: 82394

File Name: mandriva_MDVSA-2015-141.nasl

Version: 1.4

Type: local

Published: 3/30/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:not-yet-commons-ssl, p-cpe:/a:mandriva:linux:not-yet-commons-ssl-javadoc, cpe:/o:mandriva:business_server:2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/29/2015

Reference Information

MDVSA: 2015:141