wok rev 17238

dovecot, proftpd: CVE-2014-3566
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sat Oct 18 14:31:43 2014 +0200 (2014-10-18)
parents f2bdc266fba2
children bdcd8803b305
files dovecot/receipt proftpd/receipt
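--- a/dovecot/receipt
+++ b/dovecot/receipt
@@ -63,14 +63,18 @@
 	chmod 755 $fs/etc/ssl/misc/*
 	
 	# Customising config.
-	sed -i -e "s/^#default_vsz_limit.*/default_vsz_limit = 50M"/ \
+	sed -i -e "s/^#default_vsz_limit.*/default_vsz_limit = 50M/" \
 		$fs/etc/dovecot/conf.d/10-master.conf
 
-	sed -i -e "s!^#log_path =.*!log_path = /var/log/dovecot/dovecot.log"! \
+	sed -i -e "s!^#log_path =.*!log_path = /var/log/dovecot/dovecot.log!" \
 		$fs/etc/dovecot/conf.d/10-logging.conf
 	
-	sed -i -e "s/^#listen.*/listen = *"/ \
+	sed -i -e "s/^#listen.*/listen = */" \
 		$fs/etc/dovecot/dovecot.conf
+
+	# Unsafe, see CVE-2014-3566 POODLE
+	sed -i -e "s/^#ssl_protocols =.*/ssl_protocols = !SSLv2 !SSLv3/" \
+		$fs/etc/dovecot/conf.d/10-ssl.conf
 }
 
 #nd post install commands for Tazpkg.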
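Review bot: The `ssl_protocols` substitution added at the end of this hunk changes nothing when 10-ssl.conf has no line starting with `#ssl_protocols =`, and sed exits 0 either way, so a package could be built with SSLv3 still enabled and no sign of it at build time. A check right after the sed, such as `grep -q '^ssl_protocols = !SSLv2 !SSLv3' $fs/etc/dovecot/conf.d/10-ssl.conf || return 1`, would surface that. The comment above it would read more clearly as `# SSLv3 is unsafe, see CVE-2014-3566 (POODLE)`, matching the wording in proftpd/receipt; as written, "Unsafe" can be taken to describe the sed command itself. The enclosing function starts outside the hunk.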
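--- a/proftpd/receipt
+++ b/proftpd/receipt
@@ -34,4 +34,9 @@
 	cp -a $install/usr/bin $fs/usr
 	cp -a $install/usr/lib/proftpd $fs/usr/lib
 	cp -a $install/etc $fs
+	cat >> $fs/etc/proftpd.conf <<EOT
+
+# SSLv3 is unsafe, see CVE-2014-3566 POODLE
+# TLSProtocol TLSv1
+EOT
 }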
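Review bot: Both lines appended to proftpd.conf by the here-document are comments, so this hunk documents the POODLE mitigation without applying it; wherever mod_tls is enabled, SSLv3 stays available until the administrator uncomments the directive. If leaving it inactive is deliberate (presumably because mod_tls is not loaded by default), the appended text should say so, e.g. `# SSLv3 is unsafe, see CVE-2014-3566 POODLE; uncomment the next line when mod_tls is enabled`. It is also worth confirming against the packaged ProFTPD version whether `TLSProtocol TLSv1` restricts sessions to TLS 1.0 only, which would exclude newer TLS versions. The enclosing function starts outside the hunk.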