Summary
The remote host is missing an update to perl-IO-Socket-SSL announced via advisory FEDORA-2009-7435.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update perl-IO-Socket-SSL' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-7435
Insight
Update Information:
This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example www.example.org would match a certificate starting with www.exam.
ChangeLog:
* Sat Jul 4 2009 Paul Howarth - 1.26-1
- Update to 1.26 (verify_hostname_of_cert matched only the prefix for the hostname when no wildcard was given, e.g. www.example.org matched against a certificate with name www.exam in it)
* Fri Jul 3 2009 Paul Howarth - 1.25-1
- Update to 1.25 (fix t/nonblock.t for OS X 10.5 - CPAN RT#47240)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-3024 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities