Friday, December 6, 2024

Re: Anyone using AWS.Client? You need Rawhide.

On 12/6/24 19:45, Björn Persson via Ada wrote:
> Anyone who uses the client-side HTTPS functionality of the Ada Web
> Server library needs to know about CVE-2024-37015. HTTPS requests made
> with AWS.Client are vulnerable to monster-in-the-middle attacks.
>
> Here's the announcement from Adacore:
> https://docs.adacore.com/corp/security-advisories/SEC.AWS-0031-v2.pdf

Wow, that's not a rocket-science-kind-of a vulnerability but rather a
really bad implementation of TLS! Quite a surprise to see this in one of
the official libraries from AdaCore!

Thanks for the heads-up!

--
Vratislav


--
_______________________________________________
Ada mailing list -- ada@lists.fedoraproject.org
To unsubscribe send an email to ada-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/ada@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

No comments:

Post a Comment