Debian Security Advisory
DLA-55-1 nginx -- LTS security update
- Date Reported:
- 17 Sep 2014
- Affected Packages:
- nginx
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-3616.
- More information:
-
Antoine Delignat-Lavaud discovered that it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple
server
blocks.For Debian 6
Squeeze
, these issues have been fixed in nginx version 0.7.67-3+squeeze4