Mandriva Linux Security Advisory 2009-252 – The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate. This update provides a fix for this vulnerability. Packages were missing for 2009.0, this update addresses the problem.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83510/MDVSA-2009-252-1.txt
Source: https://packetstormsecurity.com/files/83510/Mandriva-Linux-Security-Advisory-2009-252.html