[SECURITY] [DLA 55-1] nginx security update

2014-09-17T00:12:06
ID DEBIAN:DLA-55-1:A9977
Type debian
Reporter Debian
Modified 2014-09-17T00:12:06

Description

Package : nginx Version : 0.7.67-3+squeeze4 CVE ID : CVE-2014-3616

Antoine Delignat-Lavaud discovered that it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks.