http://www.mandriva.com/en/
______________________________
Package : nginx
Date : March 28, 2015
Affected: Business Server 2.0
______________________________
Problem Description:
Updated nginx package fixes security vulnerabilities:
A bug in the experimental SPDY implementation in nginx was found,
which might allow an attacker to cause a heap memory buffer overflow
in a worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to reuse cached SSL sessions in unrelated contexts,
allowing virtual host confusion attacks in some configurations by an
attacker in a privileged network position (CVE-2014-3616).
______________________________
References:
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://advisories.mageia.org/
http://advisories.mageia.org/
______________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
f859044a48eda0b859c931bce36881
36f49f7a1ca40c8546e82d514023b3
______________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Komentarų nėra:
Rašyti komentarą