Fedora 13 : perl-IO-Socket-SSL-1.37-1.fc13 (2010-19054)
Medium Nessus Plugin ID 51381
SynopsisThe remote Fedora host is missing a security update.
DescriptionThis update fixes a problem whereby IO::Socket::SSL fell back to the 'VERIFY_NONE' verification mode if another verification mode was defined but no valid ca_file or ca_path was provided.
The updated version throws an error in that situation rather than proceeding with the connection despite being unable to verify the certificate(s) as requested.
This issue was originally reported at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected perl-IO-Socket-SSL package.