exploit the possibilities

Mandriva Linux Security Advisory 2013-229

Mandriva Linux Security Advisory 2013-229
Posted Sep 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-229 - A denial of service flaw was found in the way SSL module implementation of Python 3 performed matching of the certificate's name in the case it contained many '*' wildcard characters. A remote attacker, able to obtain valid certificate with its name containing a lot of '*' wildcard characters could use this flaw to cause denial of service (excessive CPU consumption) by issuing request to validate such a certificate for / to an application using the Python's ssl.match_hostname() functionality.

tags | advisory, remote, denial of service, python
systems | linux, mandriva
advisories | CVE-2013-2099
MD5 | 115f04300c8aadd79b8c495a5a32f43a

Mandriva Linux Security Advisory 2013-229

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:229
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bzr
Date : September 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated bzr packages fix security vulnerabilities:

A denial of service flaw was found in the way SSL module implementation
of Python 3 performed matching of the certificate's name in the case
it contained many '*' wildcard characters. A remote attacker, able to
obtain valid certificate with its name containing a lot of '*' wildcard
characters could use this flaw to cause denial of service (excessive
CPU consumption) by issuing request to validate such a certificate
for / to an application using the Python's ssl.match_hostname()
functionality (CVE-2013-2099).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2099
http://advisories.mageia.org/MGASA-2013-0252.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
563a17f7f5cb219760291c5266f2af4e mbs1/x86_64/bzr-2.5.1-4.1.mbs1.x86_64.rpm
7503fdbb4f4fb3eb5d2ecc1e72676390 mbs1/SRPMS/bzr-2.5.1-4.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSLt8umqjQ0CJFipgRAnhqAJ9CrVGqwnpYXyI7sEJir+7RO5I+kACg8G4n
Jy+yOzVgUFV4VpXnnRIsOWo=
=cEfT
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close