GLib Networking: Improper certificate validation

GLib Networking: Improper certificate validation GLib Networking was not properly verifying TLS certificates in all circumstances, possibly allowing an integrity/confidentiality compromise. glib-networking 2020-07-27 2020-07-27 725880 remote 2.62.4 2.62.4

Network-related giomodules for glib

GTlsClientConnection skips hostname verification of the server’s TLS certificate if the application fails to specify the expected server identity.

There may be a breach of integrity or confidentiality in connections made using GLib Networking.

There is no known workaround at this time.

All GLib Networking users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-libs/glib-networking-2.62.4"

CVE-2020-13645 sam_c sam_c