[Bug 1370478] Re: [CVE-2014-3616] "possible to reuse cached SSL sessions in unrelated contexts"
Launchpad Bug Tracker
1370478 at bugs.launchpad.net
Tue Jan 6 18:22:05 UTC 2015
This bug was fixed in the package nginx - 1.1.19-1ubuntu0.7
---------------
nginx (1.1.19-1ubuntu0.7) precise-security; urgency=medium
* SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
- debian/patches/CVE-2014-3616.patch: Use a random value for session id
context, since there is no support for shared TLS Session Tickets in
this version in src/event/ngx_event_openssl.c.
- CVE-2014-3616
-- Lev Lazinskiy <llazinskiy at linode.com> Fri, 05 Dec 2014 22:25:50 -0500
** Changed in: nginx (Ubuntu Precise)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1370478
Title:
[CVE-2014-3616] "possible to reuse cached SSL sessions in unrelated
contexts"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions
More information about the Ubuntu-server-bugs
mailing list