User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0381 (apache-mod_nss)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0381: Updated apache-mod_nss package fixes CVE-2013-4566
Date:  Fri, 20 Dec 2013 18:27:25 +0100
Message-ID:  <20131220172725.42D83431AF@valstar.mageia.org>

MGASA-2013-0381 - Updated apache-mod_nss package fixes CVE-2013-4566 Publication date: 20 Dec 2013 URL: http://advisories.mageia.org/MGASA-2013-0381.html Type: security Affected Mageia releases: 3 CVE: CVE-2013-4566 Description: Updated apache-mod_nss package fixes security vulnerability: A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided (CVE-2013-4566). References: - https://rhn.redhat.com/errata/RHSA-2013-1779.html - https://bugs.mageia.org/show_bug.cgi?id=11872 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4566 SRPMS: - 3/core/apache-mod_nss-1.0.8-16.4.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds