GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Jul 29, 2020 12:26 am Post subject: [ GLSA 202007-50 ] GLib Networking |
 |
|
Gentoo Linux Security Advisory
Title: GLib Networking: Improper certificate validation (GLSA 202007-50)
Severity: normal
Exploitable: remote
Date: 2020-07-27
Bug(s): #725880
ID: 202007-50
Synopsis
GLib Networking was not properly verifying TLS certificates in all
circumstances, possibly allowing an integrity/confidentiality compromise.
Background
Network-related giomodules for glib
Affected Packages
Package: net-libs/glib-networking
Vulnerable: < 2.62.4
Unaffected: >= 2.62.4
Architectures: All supported architectures
Description
GTlsClientConnection skips hostname verification of the server’s TLS
certificate if the application fails to specify the expected server
identity.
Impact
There may be a breach of integrity or confidentiality in connections
made using GLib Networking.
Workaround
There is no known workaround at this time.
Resolution
All GLib Networking users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/glib-networking-2.62.4"
|
References
CVE-2020-13645 |
|
News & Announcements
