Mandriva Linux Security Advisory : bzr (MDVSA-2013:229)
Medium Nessus Plugin ID 69842
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated bzr packages fix security vulnerabilities :
A denial of service flaw was found in the way SSL module implementation of Python 3 performed matching of the certificate's name in the case it contained many '*' wildcard characters. A remote attacker, able to obtain valid certificate with its name containing a lot of '*' wildcard characters could use this flaw to cause denial of service (excessive CPU consumption) by issuing request to validate such a certificate for / to an application using the Python's ssl.match_hostname() functionality (CVE-2013-2099).
SolutionUpdate the affected bzr package.