Ubuntu Security Notice 1547-1 - Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter data transmitted via the GData protocol.
a74f0aaab1cc8128ef7472f38a47d4e6Gentoo Linux Security Advisory 201208-6 - A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks. Versions less than 0.8.1-r2 are affected.
ac6d8830da9ce1dd4fa6e0d9e344cc5bMandriva Linux Security Advisory 2012-111 - It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the libgdata library and holding the trust about the other side of the connection being the valid owner of the certificate, could be tricked into accepting of a spoofed SSL certificate by mistake. The updated packages have been patched to correct this issue.
9d57ae0cb393fc4dae67d1e0149717a7
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed