advisories/11206.adv

type: security
subject: Updated python-OpenSSL package fixes security vulnerability
CVE:
 - CVE-2013-4314
src:
  2:
   core:
     - python-OpenSSL-0.12-1.1.mga2
  3:
   core:
     - python-OpenSSL-0.13-2.1.mga3
description: |
  The string formatting of subjectAltName X509Extension instances in
  pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when
  encountering a null byte, possibly allowing man-in-the-middle attacks
  through certificate spoofing (CVE-2013-4314).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=11206
 - https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
 - https://bugzilla.redhat.com/show_bug.cgi?id=1005325
ID: MGASA-2013-0277
1	type: security
2	subject: Updated python-OpenSSL package fixes security vulnerability
3	CVE:
4	- CVE-2013-4314
5	src:
6	2:
7	core:
8	- python-OpenSSL-0.12-1.1.mga2
9	3:
10	core:
11	- python-OpenSSL-0.13-2.1.mga3
12	description: \|
13	The string formatting of subjectAltName X509Extension instances in
14	pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when
15	encountering a null byte, possibly allowing man-in-the-middle attacks
16	through certificate spoofing (CVE-2013-4314).
17	references:
18	- https://bugs.mageia.org/show_bug.cgi?id=11206
19	- https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
20	- https://bugzilla.redhat.com/show_bug.cgi?id=1005325
21	ID: MGASA-2013-0277