Common Vulnerabilities and Exposures assigned an identifier CVE-2014-0350 to the following vulnerability: Name: CVE-2014-0350 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0350 Assigned: 20131205 Reference: https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG Reference: CERT-VN:VU#118748 Reference: http://www.kb.cert.org/vuls/id/118748 The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate. This issue has been fixed in version 1.4.6p4 and later.
Created poco tracking bugs for this issue: Affects: fedora-all [bug 1091813] Affects: epel-all [bug 1091814]
poco-1.4.2p1-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
poco-1.4.2p1-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
poco-1.4.2p1-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
poco-1.3.5-10.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.