Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 14 Apr 2019 08:30:49 +0200
From: Emmanuel Lecharny <elecharny@...che.org>
To: oss-security@...ts.openwall.com
Subject: [CVE-2019-0231] MINA SSLFilter security Issue

Description: Handling of the close_notify SSL/TLS message does not
lead to a connection closure, leading the server to retain the socket
opened and to have the client potentially receive clear-text messages
which were supposed to be encrypted.

This security issue is fixed by Apache MINA 2.0.21 or Apache MINA
2.0.21. Please migrate to those new versions.



-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.