Updated nginx packages fix CVE-2014-3616
Publication date: 28 Oct 2014Modification date: 28 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3616
Description
Updated nginx package fixes security vulnerability: Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position (CVE-2014-3616).
References
SRPMS
3/core
- nginx-1.2.9-1.3.mga3
4/core
- nginx-1.4.7-1.1.mga4