Source: e2guardian
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for e2guardian.

CVE-2021-44273[0]:
| e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate
| validation in the SSL MITM engine. In standalone mode (i.e., acting as
| a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if
| built with OpenSSL v1.1.x, did not validate hostnames in certificates
| of the web servers that it connected to, and thus was itself
| vulnerable to MITM attacks.

https://www.openwall.com/lists/oss-security/2021/12/23/2
https://github.com/e2guardian/e2guardian/issues/707

Fixed by:
https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2

Cheers,
Moritz
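
Added example, not part of the original report and not e2guardian or OpenSSL code: a small C++ model of the check the CVE text says was missing, comparing the names in an upstream server's certificate with the host the client requested. UpstreamCert, the function names and the .test hostnames are constructed for illustration, and the skipped-check function is a simplification, not the project's actual code path.

```cpp
// Added illustration; not e2guardian or OpenSSL code. All names are hypothetical.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

static std::string normalize(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!s.empty() && s.back() == '.') s.pop_back();   // ignore trailing root dot
    return s;
}

// Compare one certificate dNSName with the host the client asked for.
// A wildcard is honoured only as the whole left-most label and covers one label.
bool dns_name_matches(const std::string& name, const std::string& requested) {
    const std::string pattern = normalize(name), host = normalize(requested);
    if (pattern.empty() || host.empty()) return false;
    if (pattern.compare(0, 2, "*.") != 0) return pattern == host;
    const std::string suffix = pattern.substr(1);       // e.g. ".example.test"
    if (suffix.find('*') != std::string::npos) return false;
    if (std::count(suffix.begin(), suffix.end(), '.') < 2) return false; // no "*.test"
    const std::size_t dot = host.find('.');
    if (dot == std::string::npos || dot == 0) return false;
    return host.substr(dot) == suffix;
}

struct UpstreamCert {                    // stand-in for a parsed server certificate
    bool chain_trusted;                  // chain verified up to a trusted root
    std::vector<std::string> dns_names;  // subjectAltName dNSName entries
};

// Hostname comparison skipped: any trusted certificate is accepted for any host.
bool accept_without_host_check(const UpstreamCert& c, const std::string&) {
    return c.chain_trusted;
}

// Trusted chain AND a name in the certificate that matches the requested host.
bool accept_with_host_check(const UpstreamCert& c, const std::string& host) {
    return c.chain_trusted && std::any_of(c.dns_names.begin(), c.dns_names.end(),
        [&](const std::string& n) { return dns_name_matches(n, host); });
}

int main() {   // constructed sample: certificate for one site, request for another
    const UpstreamCert cert{true, {"other.example.test", "*.cdn.example.test"}};
    std::cout << accept_without_host_check(cert, "bank.example.test") << ' '
              << accept_with_host_check(cert, "bank.example.test") << '\n';
}
```

Production code should not hand-roll this comparison: with OpenSSL 1.1.x and peer verification enabled, the library performs it during the handshake once the expected name is set on the connection, for example with SSL_set1_host().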