[SECURITY] Fedora 11 Update: perl-IO-Socket-SSL-1.26-1.fc11

updates at fedoraproject.org updates at fedoraproject.org
Sun Jul 19 10:06:10 UTC 2009 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-7435
2009-07-11 02:40:16
--------------------------------------------------------------------------------

Name        : perl-IO-Socket-SSL
Product     : Fedora 11
Version     : 1.26
Release     : 1.fc11
URL         : http://search.cpan.org/dist/IO-Socket-SSL/
Summary     : Perl library for transparent SSL
Description :
This module is a true drop-in replacement for IO::Socket::INET that
uses SSL to encrypt data before it is transferred to a remote server
or client. IO::Socket::SSL supports all the extra features that one
needs to write a full-featured SSL client or server application:
multiple SSL contexts, cipher selection, certificate verification, and
SSL version selection. As an extra bonus, it works perfectly with
mod_perl.

--------------------------------------------------------------------------------
Update Information:

This update to version 1.26 fixes an issue where only the prefix of the hostname
was checked if there was no wildcard present, so for example www.example.org
would match a certificate starting with www.exam.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul  4 2009 Paul Howarth <paul at city-fan.org> - 1.26-1
- Update to 1.26 (verify_hostname_of_cert matched only the prefix for the
  hostname when no wildcard was given, e.g. www.example.org matched against a
  certificate with name www.exam in it)
* Fri Jul  3 2009 Paul Howarth <paul at city-fan.org> - 1.25-1
- Update to 1.25 (fix t/nonblock.t for OS X 10.5 - CPAN RT#47240)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #509819 - perl-IO-Socket-SSL: incorrect checking of certificate hostnames
        https://bugzilla.redhat.com/show_bug.cgi?id=509819
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl-IO-Socket-SSL' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list