Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx
incorrectly reused cached SSL sessions. An attacker could possibly use this
issue in certain configurations to obtain access to information from a
different virtual host.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | nginx-core | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-core-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-extras | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-extras-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-full | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-full-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-light | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-light-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-naxsi | < 1.4.6-1ubuntu3.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nginx-naxsi-dbg | < 1.4.6-1ubuntu3.1 | UNKNOWN |