Security update for shellinabox
shellinabox was updated to version 2.20 to fix the following security issues:
- It was possible to fallback to the HTTP protocol even when configured for
HTTPS. (CVE-2015-8400, boo#957748)
- Disable secure client-initiated renegotiation
- Set SSL options for increased security (disable SSLv2, SSLv3)
- Protection against large HTTP requests
non security fixes:
- Includes some MSIE and iOS rendering fixes
- Submitted by Ladislav Slezák (lslezak)
Fixed bugs
bnc#957748
VUL-0: CVE-2015-8400: shellinabox: DNS rebinding attack due to HTTP fallback