DOCUMENTATION

Views

Search

Toolbox

Advisories:rPSA-2009-0154

From rPath Wiki

Jump to: navigation, search

rPath Security Advisory 2009-0154-1

Published: 2009-11-24

Products

rPath Appliance Platform Linux Service 1
rPath Linux 1

Rating

Major

Exposure Level Classification

Indirect Deterministic Weakness

Updated Versions

httpd=conary.rpath.com@rpl:1/2.0.63-0.9-1
httpd=rap-emc.rpath.com@rpath:emc-production-1/2.0.63-4-1
mod_ssl=conary.rpath.com@rpl:1/2.0.63-0.9-1
mod_ssl=rap-emc.rpath.com@rpath:emc-production-1/2.0.63-4-1

rPath Issue Tracking System

References

Description

Previous versions of httpd are vulnerable to a man-in-the-middle attack

during TLS session renegotiation, sometimes referred to as the "Project

Mogul" issue. This vulnerability has been addressed in this update.

Additionally, two denial of service vulnerabilities and an access

restriction bypass in mod_proxy_ftp are resolved in this update.

Copyright 2009 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html

Retrieved from "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0154"

Categories: Support Issue | Advisories