Overview

File _patchinfo of Package patchinfo.6064

<patchinfo incident="6064">
  <issue id="957748" tracker="bnc">VUL-0: CVE-2015-8400: shellinabox: DNS rebinding attack due to HTTP fallback</issue>
  <issue id="2015-8400" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>lslezak</packager>
  <summary>Security update for shellinabox</summary>
  <description>
shellinabox was updated to version 2.20 to fix the following security issues:

- It was possible to fallback to the HTTP protocol even when configured for
  HTTPS. (CVE-2015-8400, boo#957748)
- Disable secure client-initiated renegotiation
- Set SSL options for increased security (disable SSLv2, SSLv3)
- Protection against large HTTP requests

non security fixes:

- Includes some MSIE and iOS rendering fixes
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places