Bug#1010963: bullseye-pu: package nginx/1.18.0-6.1
Control: tags -1 + confirmed
On Sat, 2022-05-14 at 09:11 +0200, Jan Mojzis wrote:
> fixes ALPACA attack CVE-2021-3618:
> ALPACA is an application layer protocol content confusion attack,
> exploiting TLS servers implementing different protocols but using
> compatible certificates, such as multi-domain or wildcard
> certificates. A MiTM attacker having access to victim's traffic at
> the TCP/IP layer can redirect traffic from one subdomain to another,
> resulting in a valid TLS session. This breaks the authentication of
> TLS and cross-protocol attacks may be possible where the behavior of
> one protocol service may compromise the other at the application
> layer.
>
> [ Impact ]
>
> Similarly to smtpd_hard_error_limit in Postfix and
> smtp_max_unknown_commands in Exim, specifies the number of errors
> after which the connection is closed.
>
Please go ahead.
Regards,
Adam