Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora 22: Shellinabox 2.19 moderate: DNS Rebinding Attack

fedora
Calendar Grey January 8, 2016
Dist Fedora Esm H88
Elevate your Fedora setup with an upgraded shellinabox, addressing DNS rebinding vulnerabilities and enhancing compatibility with iOS devices.
* Added support for middle-click paste * Improved iOS support * New logic to enable soft keyboard icon * Disable HTTPS fallback using the URL /plain

Summary

Shell In A Box implements a web server that can export arbitrary command line

tools to a web based terminal emulator. This emulator is accessible to any

JavaScript and CSS enabled web browser and does not require any additional

browser plugins.

Update Information:

* Added support for middle-click paste * Improved iOS support * New logic to enable soft keyboard icon * Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400)

Change Log

References


[ 1 ] Bug #1287579 - CVE-2015-8400 shellinabox: DNS rebinding attack due to HTTP fallback [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287579 [ 2 ] Bug #1287578 - CVE-2015-8400 shellinabox: DNS rebinding attack due to HTTP fallback [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287578

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update shellinabox' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: shellinabox
Product: Fedora 22
Version: 2.19
Release: 1.fc22
Summary: Web based AJAX terminal emulator

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here