November 8, 2009

Mandriva Linux Security Advisory 2009:295: apache

A vulnerability was discovered and corrected in apache:

Apache is affected by SSL injection or man-in-the-middle attacks
due to a design flaw in the SSL and/or TLS protocols. A short term
solution was released Sat Nov 07 2009 by the ASF team to mitigate
these problems. Apache will now reject in-session renegotiation
(CVE-2009-3555).

Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.

This update provides a solution to this vulnerability...

Read More

Click Here!