Advisories ยป MGASA-2014-0427

Updated nginx packages fix CVE-2014-3616

Publication date: 28 Oct 2014
Modification date: 28 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3616

Description

Updated nginx package fixes security vulnerability:

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was
possible to reuse cached SSL sessions in unrelated contexts, allowing virtual
host confusion attacks in some configurations by an attacker in a privileged
network position (CVE-2014-3616).
                

References

SRPMS

3/core

4/core