http://blog.securityonion.net/2014/10/new-securityonion-web-page-and.html
That package updated the Apache configuration to disable SSLv3. However, the package used "sed" to update /etc/apache2/mods-enabled/ssl.conf, which is a symlink to /etc/apache2/mods-available/ssl.conf. When sed operates on a symlinked file, it replaces the symlink with a copy of the file and then makes its modifications. The broken symlink would have caused issues with future package updates, so I've released a new version of the securityonion-web-page package that fixes the symlink and updates the original file properly.
The new package version is as follows:
securityonion-web-page - 20141015-0ubuntu0securityonion7
Issues Resolved
Issue 640: securityonion-web-page: previous update broke ssl symlink
https://code.google.com/p/security-onion/issues/detail?id=629
Updating
The new packages are now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Updating using "sudo soup" |
Verifying that the update fixed the ssl.conf hyperlink |
Verifying that SSLProtocol excludes SSLv3 |
Restarting Apache using "sudo service apache2 restart" |
Verifying that SSLv3 is disabled using "openssl s_client -connect localhost:443 -ssl3" |
Thanks
Thanks to David Zawdie for testing!
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Commercial Support
Need commercial support? Please see:
http://securityonionsolutions.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.