Mandriva Linux Security Advisory : apache (MDVSA-2009:295)
Medium Nessus Plugin ID 42429
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered and corrected in apache :
Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).
Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.
This update provides a solution to this vulnerability.
SolutionUpdate the affected packages.