Codebase list nginx / b6807de
Release 1.2.1-2.2+wheezy3 Christos Trochalakis 9 years ago
3 changed file(s) with 34 addition(s) and 0 deletion(s).
0 nginx (1.2.1-2.2+wheezy3) wheezy-security; urgency=high
1
2 * debian/patches/fix-CVE-2014-3616.patch:
3 CVE-2014-3616: It was possible to reuse cached SSL sessions in
4 unrelated contexts, allowing virtual host confusion attacks in some
5 configurations by an attacker in a privileged network position.
6 (Closes: #761940)
7
8 -- Christos Trochalakis <yatiohi@ideopolis.gr> Thu, 18 Sep 2014 15:25:04 +0300
9
010 nginx (1.2.1-2.2+wheezy2) stable-security; urgency=high
111
212 * debian/patches/fix-CVE-2013-4547.patch:
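Review bot: The new wheezy3 entry describes the vulnerability but not what the upload changes in behaviour. fix-CVE-2014-3616.patch stops passing `sess_ctx->data` to `SSL_CTX_set_session_id_context()` and passes 16 random bytes instead, so add one line under the patch name saying that the session id context is now randomly generated. Administrators reading the changelog would then know that session resumption is affected by this update.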
0 Subject: fix CVE-2014-3616, Reuse cached SSL sessions in unrelated contexts
1 Origin: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
2 --- a/src/event/ngx_event_openssl.c
3 +++ b/src/event/ngx_event_openssl.c
4 @@ -1498,14 +1498,16 @@ ngx_int_t
5 ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
6 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
7 {
8 - long cache_mode;
9 + long cache_mode;
10 + u_char buf[16];
11
12 if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
13 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
14 return NGX_OK;
15 }
16
17 - SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
18 + RAND_pseudo_bytes(buf, 16);
19 + SSL_CTX_set_session_id_context(ssl->ctx, buf, 16);
20
21 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
22
00 perl-use-dpkg-buildflags.patch
11 fix-CVE-2013-2070.patch
22 fix-CVE-2013-4547.patch
3 fix-CVE-2014-3616.patch