Description
This apache2 update fixes the following security issues:
- CRIME types of attack, based on size and timing analysis of compressed
content, are now mitigated by the new SSLCompression directive, set to
'no' in /etc/apache2/ssl-global.conf
- ssl-global.conf: SSLHonorCipherOrder set to on
- SSLCipherSuite updates to vhosts.d/vhost-ssl.template and
apache2-default-vhost-ssl.conf
- new config option CGIDScriptTimeout set to 60s in new file
conf.d/cgid-timeout.conf, preventing worker processes hanging forever if
a cgi launched from them has stopped reading input from the server