Advisories » MGASA-2014-0427

Updated nginx packages fix CVE-2014-3616

Publication date: 28 Oct 2014
Modification date: 28 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3616

Description

Updated nginx package fixes security vulnerability:

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was
possible to reuse cached SSL sessions in unrelated contexts, allowing virtual
host confusion attacks in some configurations by an attacker in a privileged
network position (CVE-2014-3616).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14104
• https://www.debian.org/security/2014/dsa-3029
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616

SRPMS

4/core

• nginx-1.4.7-1.1.mga4

3/core

• nginx-1.2.9-1.3.mga3