https://bugzilla.redhat.com/show_bug.cgi?id=1005325

"Vincent Danen 2013-09-06 12:24:39 EDT

The pyOpenSSL module implements hostname identity checks but it did not properly handle hostnames in the certificate that contain null bytes. In all releases prior to 0.13.1, the string formatting of subjectAltName X509Extension instances incorrectly truncated fields of the name when encountering the null byte. When a CA that an SSL client trusts issues a server certificate that has a null byte in the subjectAltName, remote attackers can obtain a certificate for 'www.foo.org\0.example.com' from the CA to spoof 'www.foo.org' and conduct man-in-the-middle attacks between the pyOpenSSL-using client and SSL servers.

[1] https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html"
python-OpenSSL-0.12-1.1.mga2, python-OpenSSL-0.13-2.1.mga3 and python-OpenSSL-0.13.1-1.mga4 have been submitted where this is fixed.
Advisory:
========================

Updated python-OpenSSL package fixes security vulnerability:

The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing (CVE-2013-4314).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4314
https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
https://bugzilla.redhat.com/show_bug.cgi?id=1005325
========================

Updated packages in core/updates_testing:
========================
python-OpenSSL-0.12-1.1.mga2
python-OpenSSL-0.13-2.1.mga3

from SRPMS:
python-OpenSSL-0.12-1.1.mga2.src.rpm
python-OpenSSL-0.13-2.1.mga3.src.rpm
Version: 2 => 3
Assignee: bugsquad => qa-bugs
Summary: CVE-2013-4314: python-OpenSSL - hostname check bypassing vulnerability => python-OpenSSL - hostname check bypassing vulnerability (CVE-2013-4314)
Whiteboard: (none) => MGA2TOO
Severity: normal => major
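The truncation described in the bug report above, shown as an added example that is not pyOpenSSL's code and not part of this report: a model of a formatter that stops at the null byte, next to a check that validates the full raw name first. The function names and the sample dNSName values are assumptions constructed for illustration; wildcard matching is left out.

```python
# Constructed sample: dNSName values as raw bytes, the way they sit inside a
# certificate's subjectAltName extension. Not taken from a real certificate.
SAMPLE_SAN_DNS_NAMES = [b"www.foo.org\x00.example.com", b"mail.example.com"]

# Bytes permitted in a dNSName for this example ('*' only so that wildcard
# entries are not reported as malformed; no wildcard matching is done here).
_ALLOWED = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-.*")


def truncating_format(raw_names):
    """Model of the flaw: each name is treated as a C string and cut at NUL."""
    return [n.split(b"\x00", 1)[0].decode("ascii") for n in raw_names]


def naive_match(hostname, raw_names):
    """Vulnerable check: compares the hostname with the truncated strings."""
    return hostname.lower() in (n.lower() for n in truncating_format(raw_names))


def _valid_dns_name(raw):
    """True only if every byte is allowed, so NUL and control bytes fail."""
    return 0 < len(raw) <= 253 and all(b in _ALLOWED for b in raw)


def strict_match(hostname, raw_names):
    """Hardened check: exact comparison against validated, full-length names.

    Returns (matched, rejected); rejected holds the malformed entries so the
    caller can log them or refuse the certificate outright.
    """
    rejected = [n for n in raw_names if not _valid_dns_name(n)]
    good = [n.decode("ascii").lower() for n in raw_names if _valid_dns_name(n)]
    return hostname.lower() in good, rejected


if __name__ == "__main__":
    print("formatted:", truncating_format(SAMPLE_SAN_DNS_NAMES))
    print("naive   :", naive_match("www.foo.org", SAMPLE_SAN_DNS_NAMES))
    print("strict  :", strict_match("www.foo.org", SAMPLE_SAN_DNS_NAMES))
```

A non-empty `rejected` list is a useful signal in its own right: a client can treat any certificate carrying such an entry as invalid instead of only skipping the bad name.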
Created attachment 4345 [details] Script for testing https connection.
CC: (none) => davidwhodgins
Testing complete m2 and m3, both arches. Advisory 11206.adv committed to svn. Someone from the sysadmin team please push 11206.adv to updates.
Keywords: (none) => validated_update
Whiteboard: MGA2TOO => MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK has_procedure
CC: (none) => sysadmin-bugs
Mandriva has issued an advisory for this today (September 13): http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:233/
URL: http://www.openwall.com/lists/oss-security/2013/09/06/2 => http://lwn.net/Vulnerabilities/566722/
CC: (none) => luigiwalser
http://advisories.mageia.org/MGASA-2013-0277.html
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)