Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option


Chronologisch Thread 
  • From: Stefan Fritsch <sf AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option
  • Date: Wed, 05 Jan 2011 23:21:00 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <sf AT chopin.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 5 Jan 2011 23:21:10 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <9gfaNYBbpm.A.nHG.mzPJNB@liszt>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2141-3 security AT debian.org
http://www.debian.org/security/ Stefan Fritsch
January 06, 2011 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : apache2
Vulnerability : backward compatibility option for SSL/TLS insecure
renegotiation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-3555
Debian Bug : 587037

DSA-2141-1 changed the behaviour of the openssl libraries in a server
environment to only allow SSL/TLS renegotiation for clients that
support the RFC5746 renegotiation extension. This update to apache2
adds the new SSLInsecureRenegotiation configuration option that allows
to restore support for insecure clients. More information can be found
in the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz .

For the stable distribution (lenny), the compatibility option has been
included in version 2.2.9-10+lenny9.

In addition, apache2-mpm-itk has been rebuilt to work with the updated
apache2 packages. The new version number is 2.2.6-02-1+lenny4.

For the unstable distribution (sid), and the testing distribution
(squeeze), the compatibility option has been included since version
2.2.15-1.

We recommend that you upgrade your apache2 and apache2-mpm-itk
packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFNJPfTbxelr8HyTqQRAh/DAJ4xuJnfV2wG28kSCNamFiZahQ4guwCfXT8G
CStrDUDmqVy0cl5Yz8B3tU8=
=+bhm
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1Pacf6-0007Ms-OR AT chopin.debian.org">http://lists.debian.org/E1Pacf6-0007Ms-OR AT chopin.debian.org




  • [IT-SecNots] [SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option, Stefan Fritsch, 06.01.2011

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang