openSUSE Security Update : shellinabox (openSUSE-2016-1501)
Medium Nessus Plugin ID 96063
SynopsisThe remote openSUSE host is missing a security update.
Descriptionshellinabox was updated to version 2.20 to fix the following security issues :
- It was possible to fallback to the HTTP protocol even when configured for HTTPS. (CVE-2015-8400, boo#957748)
- Disable secure client-initiated renegotiation
- Set SSL options for increased security (disable SSLv2, SSLv3)
- Protection against large HTTP requests
non security fixes :
- Includes some MSIE and iOS rendering fixes
SolutionUpdate the affected shellinabox packages.