Release 1.2.1-2.2+wheezy3
Christos Trochalakis
9 years ago
|
0 |
nginx (1.2.1-2.2+wheezy3) wheezy-security; urgency=high
|
|
1 |
|
|
2 |
* debian/patches/fix-CVE-2014-3616.patch:
|
|
3 |
CVE-2014-3616: It was possible to reuse cached SSL sessions in
|
|
4 |
unrelated contexts, allowing virtual host confusion attacks in some
|
|
5 |
configurations by an attacker in a privileged network position.
|
|
6 |
(Closes: #761940)
|
|
7 |
|
|
8 |
-- Christos Trochalakis <yatiohi@ideopolis.gr> Thu, 18 Sep 2014 15:25:04 +0300
|
|
9 |
|
0 | 10 |
nginx (1.2.1-2.2+wheezy2) stable-security; urgency=high
|
1 | 11 |
|
2 | 12 |
* debian/patches/fix-CVE-2013-4547.patch:
|
|
0 |
Subject: fix CVE-2014-3616, Reuse cached SSL sessions in unrelated contexts
|
|
1 |
Origin: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
|
|
2 |
--- a/src/event/ngx_event_openssl.c
|
|
3 |
+++ b/src/event/ngx_event_openssl.c
|
|
4 |
@@ -1498,14 +1498,16 @@ ngx_int_t
|
|
5 |
ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
|
|
6 |
ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
|
|
7 |
{
|
|
8 |
- long cache_mode;
|
|
9 |
+ long cache_mode;
|
|
10 |
+ u_char buf[16];
|
|
11 |
|
|
12 |
if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
|
|
13 |
SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
|
|
14 |
return NGX_OK;
|
|
15 |
}
|
|
16 |
|
|
17 |
- SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
|
|
18 |
+ RAND_pseudo_bytes(buf, 16);
|
|
19 |
+ SSL_CTX_set_session_id_context(ssl->ctx, buf, 16);
|
|
20 |
|
|
21 |
if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
|
|
22 |
|
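Review bot: The return value of `RAND_pseudo_bytes(buf, 16)` is ignored in the added lines, so if the call fails the uninitialised stack array `buf` is still passed to `SSL_CTX_set_session_id_context()`, and two contexts could end up with the same or a guessable session id context, which is the condition this fix is meant to remove. I would check the result and fail configuration instead, e.g. `if (RAND_bytes(buf, sizeof(buf)) != 1) { return NGX_ERROR; }`, and pass `sizeof(buf)` rather than repeating the literal `16` in the next call. `sess_ctx` is no longer read in the visible part of ngx_ssl_session_cache(), whose body continues past the hunk; a short comment such as `/* random per-context id: cached sessions must not be resumed in another server block */` would record why the caller-supplied context is dropped. Because the id is regenerated every time this function runs, sessions cached before a configuration reload presumably stop being resumable, which is worth a line in the changelog entry.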
0 | 0 |
perl-use-dpkg-buildflags.patch
|
1 | 1 |
fix-CVE-2013-2070.patch
|
2 | 2 |
fix-CVE-2013-4547.patch
|
|
3 |
fix-CVE-2014-3616.patch
|