CVE-2011-4968 in Ubuntu

CVE-2011-4968

Priority

Low

Description

nginx http proxy module does not verify peer identity of https origin
server

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968
http://mailman.nginx.org/pipermail/nginx-devel/2015-February/006484.html

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1098654
http://trac.nginx.org/nginx/ticket/13

Notes

sarnold> Backporting this fix is non-trivial and may break deployed
applications. Someone who really wanted this could use stunnel as a
work-around until 16.04 LTS is released.

Package

Source: nginx (LP Ubuntu Debian)

Upstream:	released (1.7.0)
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (see notes)

Patches:

Upstream:

http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-14 19:55:47 UTC (commit 13907)