Wed Mar 10 09:57:53 UTC 2010
The CUPS Driver Development Kit (DDK) is part of the main CUPS package now.
This update addresses a few security issues.
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations.
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers.
[This is the most serious flaw, but does not affect Linux systems]
For more information, see:
(* Security fix *)
The OpenSSL package has been patched and recompiled to revert a change that broke decrypting some files encrypted with previous versions of OpenSSL.
This same fix appears in the latest upstream snapshots.
Permissions in this forum:You cannot reply to topics in this forum