Posted: Wed Jul 29, 2020 12:26 am Post subject: [ GLSA 202007-50 ] GLib Networking
Gentoo Linux Security Advisory
Title: GLib Networking: Improper certificate validation (GLSA 202007-50)
GLib Networking was not properly verifying TLS certificates in all
circumstances, possibly allowing an integrity/confidentiality compromise.
Network-related giomodules for glib
Vulnerable: < 2.62.4
Unaffected: >= 2.62.4
Architectures: All supported architectures
GTlsClientConnection skips hostname verification of the server’s TLS
certificate if the application fails to specify the expected server
There may be a breach of integrity or confidentiality in connections
made using GLib Networking.
There is no known workaround at this time.
All GLib Networking users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/glib-networking-2.62.4"
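
To check a host against the affected range stated above (vulnerable below 2.62.4), the following added example, which is not part of the advisory or of Portage, reads the installed versions from Portage's installed-package database under /var/db/pkg. The function names and the `VDB` override variable are hypothetical, and versions are assumed to be plain dotted integers with an optional `-rN` revision.

```shell
#!/bin/sh
# Added example: flag installed glib-networking versions below the fixed release.
FIXED_VERSION="2.62.4"   # first unaffected version, per the advisory

# version_lt A B: succeed if dotted numeric version A is lower than B.
# Assumption: components are plain integers; a Gentoo "-rN" revision is ignored.
version_lt() {
    a=${1%-r[0-9]*}; b=${2%-r[0-9]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                          # equal versions are not "lower"
}

# installed_versions: print each installed net-libs/glib-networking version.
# VDB is a hypothetical override for the database path, used for testing.
installed_versions() {
    for d in "${VDB:-/var/db/pkg}"/net-libs/glib-networking-[0-9]*; do
        [ -d "$d" ] || continue       # unmatched glob: package not installed
        v=${d##*/}
        echo "${v#glib-networking-}"
    done
}

# check_host: report every installed version; return 1 if any is vulnerable.
check_host() {
    rc=0
    for v in $(installed_versions); do
        if version_lt "$v" "$FIXED_VERSION"; then
            echo "VULNERABLE: glib-networking-$v (< $FIXED_VERSION)"
            rc=1
        else
            echo "ok: glib-networking-$v"
        fi
    done
    return $rc
}

check_host
```

The script prints nothing and succeeds when the package is not installed; a non-zero exit status means at least one installed version is in the vulnerable range.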