Red Hat Bugzilla – Bug 1417585
links: Multiple vulnerabilities fixed in 2.14 release
Last modified: 2017-01-30 06:14:12 EST
Links upstream just released version 2.14 which fixes some security issues.
Security bug fixed: Don't load or render the content of "407 Proxy Authentication Required" reply when using https proxy. This avoids the FalseCONNECT attack.
Limit keepalive of ciphers with 64-bit block size to mitigate the SWEET32 attack
Created links tracking bugs for this issue:
Affects: epel-all [bug 1417586]
Affects: fedora-all [bug 1417587]