Debian Security Advisory
DLA-282-1 lighttpd -- LTS security update
- Date Reported:
- 25 Jul 2015
- Affected Packages:
- lighttpd
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-3566.
- More information:
-
This update allows to disable SSLv3 in lighttpd in order to protect against the POODLE attack. SSLv3 is now disabled by default and can be reenabled (if needed) using the ssl.use-sslv3 option.