This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
A vulnerability was discovered and corrected in perl-IO-Socket-SSL :
The verify_hostname_of_cert function in the certificate checking
feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only
matches the prefix of a hostname when no wildcard is used, which
allows remote attackers to bypass the hostname check for a certificate
This update provides a fix for this vulnerability.
Packages were missing for 2009.0, this update addresses the problem.
Update the affected perl-IO-Socket-SSL package.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true