Advisories

MGASA-2021-0491 - Updated fossil packages fix security vulnerability

Publication date: 27 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0491.html
Type: security
Affected Mageia releases: 8
CVE: 

Client-side TLS so that it verifies that the server hostname matches its
certificate (Fixed in fossil 2.14.2).

A data exfiltration bug in the server (Fixed in fossil 2.14.1).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29266
- https://fossil-scm.org/home/doc/trunk/www/changes.wiki#v2_14
- https://lists.opensuse.org/archives/list/[email protected]/thread/AQ44KVDTB6D2MENE7C2YPVCSV3BXT3B4/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=

SRPMS:
- 8/core/fossil-2.14.2-1.mga8

Mageia 2021-0491: fossil security update

Client-side TLS so that it verifies that the server hostname matches its certificate (Fixed in fossil 2.14.2)

Summary

CVE: Client-side TLS so that it verifies that the server hostname matches its certificate (Fixed in fossil 2.14.2).
A data exfiltration bug in the server (Fixed in fossil 2.14.1).

Resolution

MGASA-2021-0491 - Updated fossil packages fix security vulnerability

References

- https://bugs.mageia.org/show_bug.cgi?id=29266

- https://fossil-scm.org/home/doc/trunk/www/changes.wiki#v2_14

- https://lists.opensuse.org/archives/list/[email protected]/thread/AQ44KVDTB6D2MENE7C2YPVCSV3BXT3B4/

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=

Severity
Issued Date: 27 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0491.html
Type: security
Affected Mageia releases: 8
Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.