FEDORA-EPEL-2015-481f9cfb21

security update in Fedora EPEL 5 for shellinabox

Status: stable 3 years ago
  • Added support for middle-click paste
  • Improved iOS support
  • New logic to enable soft keyboard icon
  • Disable HTTPS fallback using the URL /plain. Consequently disables automatic upgrades from HTTP to HTTPS (CVE-2015-8400)

  • Fixed handling of large HTTP packets
  • Fixed services cleanup on session timeout
  • Added logging to system log files for important/fatal errors
  • Support for perfect forward secrecy (SSL)
  • Disabled secure client initiated renegotiations (SSL)
  • Minor CSS fixes
  • SSL security issues
  • Firefox international keyboard issue
  • 256 color support
  • Message passing support for embedded shellinabox
  • Unix domain socket support
  • Real IP recognition over proxy
  • Other minor bug fixes and improvements
  • Packaging: add license macro, switch to GitHub sources

Comments 6

This update has been submitted for testing by slaanesh.

This update has obsoleted shellinabox-2.18-1.el5, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by slaanesh.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
urgent
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 3

00 #1252109 We package an unmaintained fork of shellinabox
00 #1287578 CVE-2015-8400 shellinabox: DNS rebinding attack due to HTTP fallback [fedora-all]
00 #1287579 CVE-2015-8400 shellinabox: DNS rebinding attack due to HTTP fallback [epel-all]

Automated Test Results