1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility

    From Stefan Fritsch@1:229/2 to All on Thu Jan 6 00:40:02 2011
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------ Debian Security Advisory DSA-2141-3 [email protected] http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : apache2
    Vulnerability : backward compatibility option for SSL/TLS insecure
    renegotiation
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2009-3555
    Debian Bug : 587037

    DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that
    support the RFC5746 renegotiation extension. This update to apache2
    adds the new SSLInsecureRenegotiation configuration option that allows
    to restore support for insecure clients. More information can be found
    in the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz .

    For the stable distribution (lenny), the compatibility option has been
    included in version 2.2.9-10+lenny9.

    In addition, apache2-mpm-itk has been rebuilt to work with the updated
    apache2 packages. The new version number is 2.2.6-02-1+lenny4.

    For the unstable distribution (sid), and the testing distribution
    (squeeze), the compatibility option has been included since version
    2.2.15-1.

    We recommend that you upgrade your apache2 and apache2-mpm-itk
    packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iD8DBQFNJPfTbxelr8HyTqQRAh/DAJ4xuJnfV2wG28kSCNamFiZahQ4guwCfXT8G CStrDUDmqVy0cl5Yz8B3tU8=
    =+bhm
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)