Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2012:111 (libgdata)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72135

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2012:111 (libgdata)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to libgdata
announced via advisory MDVSA-2012:111.

A vulnerability has been discovered and corrected in libgdata:

It was found that previously libgdata, a GLib-based library for
accessing online service APIs using the GData protocol, did not
perform SSL certificates validation even for secured connections. An
application, linked against the libgdata library and holding the
trust about the other side of the connection being the valid owner
of the certificate, could be tricked into accepting of a spoofed SSL
certificate by mistake (MITM attack) (CVE-2012-1177).

The updated packages have been patched to correct this issue.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:111

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1177
50432
http://secunia.com/advisories/50432
DSA-2482
http://www.debian.org/security/2012/dsa-2482
MDVSA-2012:111
http://www.mandriva.com/security/advisories?name=MDVSA-2012:111
USN-1547-1
http://www.ubuntu.com/usn/USN-1547-1
[oss-security] 20120314 CVE Request: libgdata did not verify SSL certificates
http://www.openwall.com/lists/oss-security/2012/03/14/1
[oss-security] 20120314 Re: CVE Request: libgdata did not verify SSL certificates
http://www.openwall.com/lists/oss-security/2012/03/14/3
http://www.openwall.com/lists/oss-security/2012/03/14/8
http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c
http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
https://bugs.launchpad.net/ubuntu/+source/libgdata/+bug/938812
https://bugzilla.gnome.org/show_bug.cgi?id=671535
https://bugzilla.novell.com/show_bug.cgi?id=752088

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72135
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:111 (libgdata)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libgdata announced via advisory MDVSA-2012:111. A vulnerability has been discovered and corrected in libgdata: It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the libgdata library and holding the trust about the other side of the connection being the valid owner of the certificate, could be tricked into accepting of a spoofed SSL certificate by mistake (MITM attack) (CVE-2012-1177). The updated packages have been patched to correct this issue. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:111 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1177 50432 http://secunia.com/advisories/50432 DSA-2482 http://www.debian.org/security/2012/dsa-2482 MDVSA-2012:111 http://www.mandriva.com/security/advisories?name=MDVSA-2012:111 USN-1547-1 http://www.ubuntu.com/usn/USN-1547-1 [oss-security] 20120314 CVE Request: libgdata did not verify SSL certificates http://www.openwall.com/lists/oss-security/2012/03/14/1 [oss-security] 20120314 Re: CVE Request: libgdata did not verify SSL certificates http://www.openwall.com/lists/oss-security/2012/03/14/3 http://www.openwall.com/lists/oss-security/2012/03/14/8 http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840 https://bugs.launchpad.net/ubuntu/+source/libgdata/+bug/938812 https://bugzilla.gnome.org/show_bug.cgi?id=671535 https://bugzilla.novell.com/show_bug.cgi?id=752088
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com