[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option

2011-01-0523:21:00

lists.debian.org

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

JSON

Debian Security Advisory DSA-2141-3 [email protected]
http://www.debian.org/security/ Stefan Fritsch
January 06, 2011 http://www.debian.org/security/faq

Package : apache2
Vulnerability : backward compatibility option for SSL/TLS insecure
renegotiation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-3555
Debian Bug : 587037

DSA-2141-1 changed the behaviour of the openssl libraries in a server
environment to only allow SSL/TLS renegotiation for clients that
support the RFC5746 renegotiation extension. This update to apache2
adds the new SSLInsecureRenegotiation configuration option that allows
to restore support for insecure clients. More information can be found
in the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz .

For the stable distribution (lenny), the compatibility option has been
included in version 2.2.9-10+lenny9.

In addition, apache2-mpm-itk has been rebuilt to work with the updated
apache2 packages. The new version number is 2.2.6-02-1+lenny4.

For the unstable distribution (sid), and the testing distribution
(squeeze), the compatibility option has been included since version
2.2.15-1.

We recommend that you upgrade your apache2 and apache2-mpm-itk
packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian5mipselapache2-suexec-custom< 2.2.9-10+lenny6apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb
Debian5sparclibnss3-1d-dbg< 3.12.3.1-0lenny3libnss3-1d-dbg_3.12.3.1-0lenny3_sparc.deb
Debian4amd64apache2-prefork-dev< 2.2.3-4+etch11apache2-prefork-dev_2.2.3-4+etch11_amd64.deb
Debian4alphaapache2-threaded-dev< 2.2.3-4+etch11apache2-threaded-dev_2.2.3-4+etch11_alpha.deb
Debian5powerpcapache2-suexec< 2.2.9-10+lenny6apache2-suexec_2.2.9-10+lenny6_powerpc.deb
Debian5amd64libnss3-1d< 3.12.3.1-0lenny3libnss3-1d_3.12.3.1-0lenny3_amd64.deb
Debian5ia64apache2-mpm-event< 2.2.9-10+lenny6apache2-mpm-event_2.2.9-10+lenny6_ia64.deb
Debian6powerpclighttpd-mod-mysql-vhost< 1.4.28-2+squeeze1.2lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.2_powerpc.deb
Debian5armellibssl0.9.8-dbg< 0.9.8g-15+lenny11libssl0.9.8-dbg_0.9.8g-15+lenny11_armel.deb
Debian4mipsapache2-mpm-prefork< 2.2.3-4+etch11apache2-mpm-prefork_2.2.3-4+etch11_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	mipsel	apache2-suexec-custom	< 2.2.9-10+lenny6	apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb
Debian	5	sparc	libnss3-1d-dbg	< 3.12.3.1-0lenny3	libnss3-1d-dbg_3.12.3.1-0lenny3_sparc.deb
Debian	4	amd64	apache2-prefork-dev	< 2.2.3-4+etch11	apache2-prefork-dev_2.2.3-4+etch11_amd64.deb
Debian	4	alpha	apache2-threaded-dev	< 2.2.3-4+etch11	apache2-threaded-dev_2.2.3-4+etch11_alpha.deb
Debian	5	powerpc	apache2-suexec	< 2.2.9-10+lenny6	apache2-suexec_2.2.9-10+lenny6_powerpc.deb
Debian	5	amd64	libnss3-1d	< 3.12.3.1-0lenny3	libnss3-1d_3.12.3.1-0lenny3_amd64.deb
Debian	5	ia64	apache2-mpm-event	< 2.2.9-10+lenny6	apache2-mpm-event_2.2.9-10+lenny6_ia64.deb
Debian	6	powerpc	lighttpd-mod-mysql-vhost	< 1.4.28-2+squeeze1.2	lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.2_powerpc.deb
Debian	5	armel	libssl0.9.8-dbg	< 0.9.8g-15+lenny11	libssl0.9.8-dbg_0.9.8g-15+lenny11_armel.deb
Debian	4	mips	apache2-mpm-prefork	< 2.2.3-4+etch11	apache2-mpm-prefork_2.2.3-4+etch11_mips.deb