[Bug 1370478] Re: [CVE-2014-3616] "possible to reuse cached SSL sessions in unrelated contexts"

Launchpad Bug Tracker Mon, 22 Sep 2014 09:26:19 -0700

This bug was fixed in the package nginx - 1.4.6-1ubuntu3.1

---------------
nginx (1.4.6-1ubuntu3.1) trusty-security; urgency=medium


  * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
    - debian/patches/CVE-2014-3616.patch: include hash of certificate in
      session id context in src/event/ngx_event_openssl.c.
    - CVE-2014-3616
 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>   Wed, 17 Sep 2014 08:56:46 
-0400

** Changed in: nginx (Ubuntu Trusty)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1370478

Title:
  [CVE-2014-3616] "possible to reuse cached SSL sessions in unrelated
  contexts"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1370478] Re: [CVE-2014-3616] "possible to reuse cached SSL sessions in unrelated contexts"

Reply via email to