CVE-2012-1177

Related Files

Ubuntu Security Notice USN-1547-1

Posted Aug 29, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1547-1 - Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter data transmitted via the GData protocol.

tags | advisory, remote, protocol

systems | linux, ubuntu

advisories | CVE-2012-1177

SHA-256 | a4ab1606db51fda6b3872f4eb812e94c816f2b0d3a0230277fcb0126b714fb2a

Download | Favorite | View

Gentoo Linux Security Advisory 201208-06

Posted Aug 15, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-6 - A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks. Versions less than 0.8.1-r2 are affected.

tags | advisory, remote

systems | linux, gentoo

advisories | CVE-2012-1177

SHA-256 | 6c9550b2609f2f265e43e99e0791a7773adfb69954890e5f2e3a22021e0ab085

Download | Favorite | View

Mandriva Linux Security Advisory 2012-111

Posted Jul 25, 2012

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-111 - It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the libgdata library and holding the trust about the other side of the connection being the valid owner of the certificate, could be tricked into accepting of a spoofed SSL certificate by mistake. The updated packages have been patched to correct this issue.

tags | advisory, spoof, protocol

systems | linux, mandriva

advisories | CVE-2012-1177

SHA-256 | 0e6890a08ae22ca1f467f5d5fce0ae80f27743e936d792f852966aa408755bd7

Download | Favorite | View