Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141)
High Nessus Plugin ID 82394
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated not-yet-commons-ssl packages fixes security vulnerability :
It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack, where the attacker can spoof a valid certificate using a specially crafted subject (CVE-2014-3604).
SolutionUpdate the affected not-yet-commons-ssl and / or not-yet-commons-ssl-javadoc packages.