GLSA-201502-06 : nginx: Information disclosure
Medium Nessus Plugin ID 81229
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201502-06 (nginx: Information disclosure)
An SSL session fixation vulnerability has been found in nginx when multiple servers use the same shared ssl_session_cache or ssl_session_ticket_key.
A remote attacker may be able to obtain sensitive information.
There is no known workaround at this time.
SolutionAll nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/nginx-1.7.6'