kdelibs4 security update
KSSL did not properly verify the host name of a certificate
if the certificate was issued for an IP address
(CVE-2011-1094).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4225
Fixed bugs
bnc#669222
VUL-0: kdelibs4: KDE SSL name check issue
CVE#CVE-2011-1094
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a ce
