Libcloud Vulnerabilities

SSL MITM vulnerability - CVE-2010-4340

Description:

Python's SSL library doesn't validate the host's SSL certificate and, as a consequence, Libcloud versions prior to 0.4.2 are vulnerable to a man-in-the-middle attack.

Affected versions: All versions prior to 0.4.2

Fix version:

This vulnerability has been fixed in version 0.4.2. You are strongly encouraged to upgrade to this version and set the libcloud.security.VERIFY_SSL_CERT variable to True.
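A deployment check for both conditions above, added here as an example and not part of Libcloud itself. The helper names parse_version and audit are hypothetical, and treating a pre-release suffix such as "-dev" as equal to the release it precedes is an assumption of this sketch.

```python
import re

FIXED_VERSION = (0, 4, 2)  # first release carrying the fix, per the advisory


def parse_version(version):
    """Return the leading numeric components of a version string as a tuple.

    Comparing tuples avoids the string-comparison trap where "0.10.0" sorts
    before "0.4.2". Suffixes such as "-dev" are ignored (assumption).
    """
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError("unrecognised version string: %r" % (version,))
    parts = tuple(int(p) for p in match.group(0).split("."))
    # Pad short versions so that "0.5" compares as (0, 5, 0).
    return parts + (0,) * (len(FIXED_VERSION) - len(parts))


def audit(version, verify_ssl_cert):
    """Return a list of findings; an empty list means the install passes."""
    findings = []
    if parse_version(version) < FIXED_VERSION:
        findings.append(
            "libcloud %s predates 0.4.2 (affected by CVE-2010-4340)" % version)
    # Require the literal True: None, 0 or a missing flag all count as unset.
    if verify_ssl_cert is not True:
        findings.append(
            "libcloud.security.VERIFY_SSL_CERT is %r, expected True"
            % (verify_ssl_cert,))
    return findings


if __name__ == "__main__":
    try:
        import libcloud
    except ImportError:
        raise SystemExit("libcloud is not installed; nothing to audit")
    try:
        from libcloud import security
        flag = security.VERIFY_SSL_CERT
    except (ImportError, AttributeError):
        flag = None  # module or flag absent in this install
    results = audit(libcloud.__version__, flag)
    for finding in results:
        print("FAIL: " + finding)
    raise SystemExit(1 if results else 0)
```

Run it in the same environment and after the same configuration code as the application, so that the flag value it reads is the one the application actually uses.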

Reporting a vulnerability

If you find a security vulnerability, you are strongly encouraged to report it to our private mailing list: security@libcloud.apache.org

PGP keys of the libcloud developers can be found at https://www.apache.org/dist/libcloud/KEYS