Vulnerability in Gentoo Portage
CVE-2013-2100
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.016 (72.1th percentile)
Affected products
- Gentoo Portage — versions 2.1.12