SynopsisThe remote Fedora host is missing a security update.
DescriptionBackport various security fixes. Note they usually are extra options that need to be enabled manually so that we won't break functionality :
- CVE-2011-3389: Make it possible to deny use of 'BEAST' vulnerable ciphers
- CVE-2012-4929: Disable compression to be safe from 'CRIME'
- CVE-2005-2090: Chunked encofing response splitting (no awkward name here)
- CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from 'POODLE'
- A redirect XSS fix
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected Pound package.