Red Hat Bugzilla – Bug 572232
CVE-2010-0744 aMSN: Improper SSL certificate validation (MITM) when connecting to the MSN server
Last modified: 2012-04-21 09:01:01 EDT
Gabriel Menezes Nunes reported:
that aMSN messenger failed to properly validate SSL certificates
when connecting to the MSN server. A remote attacker could
use this flaw to conduct man-in-the-middle attacks and / or
impersonate trusted servers.
Some upstream aMSN-devel communication regarding the patch:
And relevant commit:
This issue affects the versions of the amsn package, as shipped
with Fedora releases of 11 and 12.
Please fix, once the proposed, upstream patch  gets stabilized.
This is CVE-2010-0744.
could you please build new amsn package for Fedora
releases of 11 and 12, with proposed upstream changes:
Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
amsn-0.98.3-1.fc13 has been submitted as an update for Fedora 13.
amsn-0.98.3-1.fc12 has been submitted as an update for Fedora 12.
amsn-0.98.3-2.fc11 has been submitted as an update for Fedora 11.
amsn-0.98.3-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
amsn-0.98.3-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
amsn-0.98.3-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.