Mandriva Update For Perl-IO-Socket-SSL MDVSA-2011:092 (perl-IO-Socket-SSL) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in perl-IO-Socket-SSL: IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions (CVE-2010-4334). The updated packages have been patched to correct this issue.

Affected

perl-IO-Socket-SSL on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2010-4334

CVSS	Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:102 (apache)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)
Mandrake Security Advisory MDVSA-2009:122 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:034 (squid)
Mandrake Security Advisory MDVSA-2009:177 (ruby)

Mandriva Update for perl-IO-Socket-SSL MDVSA-2011:092 (perl-IO-Socket-SSL)

Take action and discover your vulnerabilities