DOCUMENTATION

Views

Search

Toolbox

Advisories:rPSA-2009-0155

From rPath Wiki

Jump to: navigation, search

rPath Security Advisory 2009-0155-1

Published: 2009-11-24

Products

rPath Appliance Platform Linux Service 2
rPath Linux 2

Rating

Major

Exposure Level Classification

Indirect Deterministic Weakness

Updated Versions

httpd=conary.rpath.com@rpl:2/2.2.9-4.3-1
httpd=rap-emc.rpath.com@rpath:emc-production-2/2.2.9-6-1
mod_ssl=conary.rpath.com@rpl:2/2.2.9-4.3-1
mod_ssl=rap-emc.rpath.com@rpath:emc-production-2/2.2.9-6-1

rPath Issue Tracking System

RPL-3146

References

Description

Previous versions of httpd are vulnerable to a man-in-the-middle attack

during TLS session renegotiation, sometimes referred to as the "Project

Mogul" issue. This vulnerability has been addressed in this update.

Additionally, a denial of service vulnerability and an access

restriction bypass in mod_proxy_ftp are resolved in this update.

Copyright 2009 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html

Retrieved from "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0155"

Categories: Support Issue | Advisories