Message-Id: <E1Vhr4z-0007Hu-7a@alpha.psidef.org>
Date: Sat, 16 Nov 2013 20:23:13 -0500
From: Michael Gilbert <mgilbert@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2795-2] lighttpd regression update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2795-2                   security@...ian.org
http://www.debian.org/security/                           Michael Gilbert
November 16, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lighttpd
Vulnerability  : regression
Problem type   : remote
Debian-specific: no
Debian Bug     : 729480

It was discovered that SSL connections with client certificates
stopped working after the DSA-2795-1 update of lighttpd.  An upstream
patch has now been applied that provides an appropriate identifier for
client certificate verification.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.4.28-2+squeeze1.5.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.31-4+deb7u2.

For the testing (jessie) and unstable (sid) distributions, this problem
will be fixed soon.

We recommend that you upgrade your lighttpd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
=Uz0N
-----END PGP SIGNATURE-----
