GLSA-201208-06 : libgdata: Man-in-the-Middle attack
Medium Nessus Plugin ID 61545
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201208-06 (libgdata: Man-in-the-Middle attack)
An error in the '_gdata_service_build_session()' function of gdata-service.c prevents libgdata from properly validating certificates.
A remote attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers via a crafted certificate.
There is no known workaround at this time.
SolutionAll libgdata users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/libgdata-0.8.1-r2'