Mark - Tue, 2013/11/12 - 00:52
Hi, does anybody know if a security patch was backported to allow disabling SSL/TLS compression?
I recently set up my first TKL phpBB appliance and ran a Nessus scan on it. It returned a TLS CRIME vulnerability found. The solution is to 'upgrade to 2.2.4' but it doesn't look like there is a Debian distribution for that version. 2.4 seems to be the next release. Any thoughts or suggestions would be welcome.
https://discussions.nessus.org/thread/5546
https://issues.apache.org/bugzilla/show_bug.cgi?id=53219
According to the Debian bug report, it is backported to the source but I'm wondering if it made it into the TKL appliance.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674142
The output of my: apt-cache policy apache2
apache2:
  Installed: 2.2.22-13
  Candidate: 2.2.22-13
  Version table:
 *** 2.2.22-13 0
        500 http://cdn.debian.net/debian/ wheezy/main amd64 Packages
        100 /var/lib/dpkg/status
Best,
Mark
Does TKL 13.0 come with apache2 version 2.2.4 or newer?
Hi,
before I go ahead and spin up a new replacement appliance TKL 13.0 for the 12.x I currently have running, I thought I would ask... what version of apache2 does TKL 13.0 come with? If it is 2.2.4 or newer, it will resolve my initial question/post.
Thanks a lot,
Mark
Strange results...
Firstly, if there is security-patched software (from Debian) on your TKL appliance, it will auto update (auto updates run nightly).
Secondly, you already have a later version than 2.2.4... Your apt-cache policy states that you have 2.2.22! (A full 18 releases newer!)
BTW it looks like you already have the Wheezy version of Apache on your v12.1 server... I would still definitely recommend spinning up a new server though...
PS sorry for slow reply.
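
A package version string does not show whether a distribution backported a fix, so the question in this thread is better settled by checking behaviour. The script below is an added example, not from the thread or from TurnKey or Debian: it reads the `Compression:` line that `openssl s_client` prints and the mod_ssl `SSLCompression` directive from config text. The function names and sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names, constructed sample data).

# Print the negotiated compression method from an `openssl s_client`
# transcript on stdin. Only the unindented "Compression:" line counts; the
# indented copy inside the SSL-Session block is skipped. A transcript with no
# such line (failed handshake) yields UNKNOWN so it is never read as "safe".
negotiated_compression() {
  awk '/^Compression:/ { sub(/^Compression:[ \t]*/, ""); print; found = 1; exit }
       END { if (!found) print "UNKNOWN" }'
}

# Exit status: 0 = compression negotiated, 1 = NONE, 2 = could not tell.
compression_enabled() {
  case "$(negotiated_compression)" in
    NONE)    return 1 ;;
    UNKNOWN) return 2 ;;
    *)       return 0 ;;
  esac
}

# Print the last explicit SSLCompression value in Apache config text on
# stdin, or "unset". Commented-out lines are ignored; names are case-insensitive.
configured_sslcompression() {
  awk 'tolower($1) == "sslcompression" { v = tolower($2) }
       END { print (v == "" ? "unset" : v) }'
}

# Constructed samples, not captured from any real server.
SAMPLE_COMPRESSED='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Compression: 1 (zlib compression)'
SAMPLE_PLAIN='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: NONE
Expansion: NONE'
SAMPLE_CONF='# SSLCompression on
SSLEngine on
SSLCompression off'

printf 'compressed sample -> %s\n' "$(printf '%s\n' "$SAMPLE_COMPRESSED" | negotiated_compression)"
printf 'plain sample      -> %s\n' "$(printf '%s\n' "$SAMPLE_PLAIN" | negotiated_compression)"
printf 'config sample     -> %s\n' "$(printf '%s\n' "$SAMPLE_CONF" | configured_sslcompression)"
# Live check (HOST is a placeholder for your own server):
#   openssl s_client -connect HOST:443 </dev/null 2>/dev/null | negotiated_compression
```

A `NONE` result only means something if the probing `openssl` build offers zlib itself; many current builds are compiled without compression and will report `NONE` against any server.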