(Nov 16) It was discovered discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification. [More…]
Red Hat: 2013:1526-01: nagios: Moderate Advisory
(Nov 18) Updated nagios packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More…]
Red Hat: 2013:1525-01: openstack-glance: Moderate Advisory
(Nov 18) Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More…]
Debian: 2797-1: chromium-browser: Multiple vulnerabilities
(Nov 17) Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 [More…]
Debian: 2798-1: curl: unchecked ssl certificate h
(Nov 17) Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust [More…]