(RHSA-2014:1690) Low: python-backports-ssl_match_hostname security update

2014-10-22T04:00:00
ID RHSA-2014:1690
Type redhat
Reporter RedHat
Modified 2018-06-07T02:47:44

Description

The python-backports-ssl_match_hostname package provides RFC 6125 compliant wildcard matching.

A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. (CVE-2013-2099)

This issue was discovered by Florian Weimer of Red Hat Product Security.

All python-backports-ssl_match_hostname users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.