1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3029-1] nginx security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Sep 20 08:20:01 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3029-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 20, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : nginx
    CVE ID : CVE-2014-3616
    Debian Bug : 761940

    Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing
    virtual host confusion attacks in some configurations by an attacker in
    a privileged network position.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1.2.1-2.2+wheezy3.

    For the testing distribution (jessie), this problem has been fixed in
    version 1.6.2-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.6.2-1.

    We recommend that you upgrade your nginx packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJUHRscAAoJEAVMuPMTQ89EGuUP/iedSRE21l/sSyJRUxP5GIoC GjKzrIsbFFDHY9gKH0JUJbVc5ayeEciHLWY7cY119Rlim6/IPpd4T246y4QzPyYd W0tI7eAmmg2zOjCIafubvLHii+FYQ93xSn6Y09CEL9XiHmVxDHS/uDdCBcQKhKaI rXaVc+VAg+I396RcyE6houS1GTPoUmkhJkMKOu4HCutx6foXjT78wLFJEiFLAy9I vVPhZ1+En1PqaJgqry8FEwkreiNF+Lzjb1VLpQzvNzi21uRhz3sPDCy6Y2nkMEhV 4fdYZJKEJGHWC/cdZXCwu5T4lnAZWSB7QYa26yiaUraWO9SrqJw20HgN1YnuGTFf YbeG3qdhMjEYVsdyi0VARtw3yZXfy122/yE0vvaYv0HKFp4Nrzm/5NBysuO+Zcg2 zt422dH9O0bLasJp6lm3tcSzGkfME7Fz63X6/CNupzoFnXcVP+IQpEHYD53+S1mf 3CUPp8sFxauuWuCpMb7hbD8hzYzrPRxB6cRsdAoKxSqTUn+dPOZRFp84tRuW0U5c mBs7DfmfWnnscmTJ/gUbeES+Ac8Tfbrr1Rsz12vAs7onuXxHHH/NSihtsLGYQ17N xzgGSXfgAfnky2J5ZkTOTVE+LvKkoWQX3cq8a+t5JaZjGJZinDkU5CSTOyik80Nr dGeskBuPPhZC1qYrJkyI
    =XURr
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)