DescriptionThe Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- openSUSE-SU-2013:1330-1, published Wed, 14 Aug 2013 03:04:14 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 12.3|| ||Patchnames: