UbuntuUpdates.org

Package "shellinabox"

Name: shellinabox

Description:

publish command line shell through AJAX interface

Latest version: 2.14-1ubuntu0.1
Release: trusty (14.04)
Level: updates
Repository: universe
Homepage: http://shellinabox.com

Links


Download "shellinabox"


Other versions of "shellinabox" in Trusty

Repository Area Version
base universe 2.14-1
security universe 2.14-1ubuntu0.1

Changelog

Version: 2.14-1ubuntu0.1 2016-08-25 01:06:47 UTC

  shellinabox (2.14-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Disable HTTP fallback using the URL /plain.
    Consequently disables automatic upgrades from HTTP to HTTPS.
    - Thanks to Stephen Roettger for finding the bug.
    - Thanks to Luka Krajger for writing the fix.
    - Fixes CVE-2015-8400

 -- Emily Ratliff <email address hidden> Tue, 23 Aug 2016 17:07:53 -0500

CVE-2015-8400 The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attac



About   -   Send Feedback to @ubuntu_updates