Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141)

High Nessus Plugin ID 82394


The remote Mandriva Linux host is missing one or more security updates.


Updated not-yet-commons-ssl packages fixes security vulnerability :

It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack, where the attacker can spoof a valid certificate using a specially crafted subject (CVE-2014-3604).


Update the affected not-yet-commons-ssl and / or not-yet-commons-ssl-javadoc packages.

See Also

Plugin Details

Severity: High

ID: 82394

File Name: mandriva_MDVSA-2015-141.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2015/03/30

Modified: 2015/03/30

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:not-yet-commons-ssl, p-cpe:/a:mandriva:linux:not-yet-commons-ssl-javadoc, cpe:/o:mandriva:business_server:2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2015/03/29

Reference Information

MDVSA: 2015:141