MGASA-2012-0190
| Date: | August 2nd, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated libgdata packages fix security vulnerability:
It was found that previously libgdata, a GLib-based library for
accessing online service APIs using the GData protocol, did not
perform SSL certificates validation even for secured connections.
An application, linked against the libgdata library and holding
the trust about the other side of the connection being the valid
owner of the certificate, could be tricked into accepting of a
spoofed SSL certificate by mistake (MITM attack) (CVE-2012-1177).
Additionally, because this now builds against the rootcerts package,
rootcerts has been updated to the latest version and nss has been
rebuilt against the new rootcerts package.
Updated Packages:
Mageia 1:
libgdata-i18n-0.6.6-1.1.mga1
lib(64)gdata7-0.6.6-1.1.mga1
lib(64)gdata-devel-0.6.6-1.1.mga1
lib(64)nss3-3.13.5-1.1.mga1
lib(64)nss-devel-3.13.5-1.1.mga1
lib(64)nss-static-devel-3.13.5-1.1.mga1
nss-3.13.5-1.1.mga1
nss-doc-3.13.5-1.1.mga1
rootcerts-20120628.00-1.mga1
rootcerts-java-20120628.00-1.mga1
Mageia 2:
libgdata-i18n-0.12.0-1.1.mga2
lib(64)gdata13-0.12.0-1.1.mga2
lib(64)gdata-devel-0.12.0-1.1.mga2
lib(64)gdata-gir0.0-0.12.0-1.1.mga2
lib(64)nss3-3.13.5-1.1.mga2
lib(64)nss-devel-3.13.5-1.1.mga2
lib(64)nss-static-devel-3.13.5-1.1.mga2
nss-3.13.5-1.1.mga2
nss-doc-3.13.5-1.1.mga2
rootcerts-20120628.00-1.mga2
rootcerts-java-20120628.00-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1177
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:111
https://bugs.mageia.org/show_bug.cgi?id=6330
