[SECURITY] [DLA 55-1] nginx security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 55-1] nginx security update
From: Matt Palmer <mpalmer@debian.org>
Date: Wed, 17 Sep 2014 10:11:46 +1000
Message-id: <[🔎] 20140917001146.GJ25667@hezmatt.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : nginx
Version        : 0.7.67-3+squeeze4
CVE ID         : CVE-2014-3616

Antoine Delignat-Lavaud discovered that it was possible to reuse SSL
sessions in unrelated contexts if a shared SSL session cache or the same TLS
session ticket key was used for multiple "server" blocks.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 53-1] apt security update
Next by Date: [SECURITY] [DLA 49-1] acpi-support security update
Previous by thread: [SECURITY] [DLA 53-1] apt security update
Next by thread: [SECURITY] [DLA 49-1] acpi-support security update
Index(es):
- Date
- Thread