DescriptionThe Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
NVD CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
SUSE informationSUSE Bugzilla entry: 831947 [RESOLVED / FIXED] SUSE Security Advisories:
- openSUSE-SU-2013:1330-1, published Wed, 14 Aug 2013 03:04:14 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 12.3|| ||Patchnames: |