Mandriva Linux Security Advisory : serf (MDVSA-2014:166)
Medium Nessus Plugin ID 77645
Synopsis: The remote Mandriva Linux host is missing one or more security updates.
Description: Updated serf packages fix a security vulnerability:
Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications (CVE-2014-3504).
Solution: Update the affected lib64serf-devel and / or lib64serf0 packages.
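The bug class in the description, as an added example (not serf's code and not part of the advisory): certificate names are length-delimited ASN.1 strings, so a check that treats them as C strings stops reading at the first NUL. The function names and the sample bytes are hypothetical and constructed for illustration; matching is exact only, with no wildcard handling.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of exactly n bytes. */
static int ci_equal(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Naive check: measures the name with strlen(), so everything after an
 * embedded NUL is silently dropped and the declared length is ignored. */
int naive_name_matches(const char *name, size_t name_len, const char *host)
{
    size_t seen = strlen(name);
    (void)name_len;
    return seen == strlen(host) && ci_equal(name, host, seen);
}

/* Hardened check: a name containing a NUL is never a valid DNS name, so
 * reject it outright, then compare over the full declared length. */
int strict_name_matches(const char *name, size_t name_len, const char *host)
{
    if (name_len == 0 || memchr(name, '\0', name_len) != NULL)
        return 0;
    return name_len == strlen(host) && ci_equal(name, host, name_len);
}

/* Constructed sample: a 30-byte name field with a NUL at offset 15. */
static const char sample_name[] = "www.example.com\0.other.example";
#define SAMPLE_LEN (sizeof(sample_name) - 1)

int main(void)
{
    printf("naive:  %d\n", naive_name_matches(sample_name, SAMPLE_LEN, "www.example.com"));
    printf("strict: %d\n", strict_name_matches(sample_name, SAMPLE_LEN, "www.example.com"));
    return 0;
}
```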