Debian: DSA-2141-1 Moderate: apache2 Insecure Renegotiation Remote Issue
debian
January 5, 2011
DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension
Summary
For the stable distribution (lenny), the compatibility option has been
included in version 2.2.9-10+lenny9.
In addition, apache2-mpm-itk has been rebuilt to work with the updated
apache2 packages. The new version number is 2.2.6-02-1+lenny4.
For the unstable distribution (sid), and the testing distribution
(squeeze), the compatibility option has been included since version
2.2.15-1.
We recommend that you upgrade your apache2 and apache2-mpm-itk
packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
PREVIOUS
NEXT
Package: apache2
CVE ID: CVE-2009-3555
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!