| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 1 Jun 2004 22:12:33 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:055 - Updated apache2 package fix vulnerability in mod_ssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: apache2
Advisory ID: MDKSA-2004:055
Date: June 1st, 2004
Affected versions: 10.0, 9.1, 9.2
______________________________________________________________________
Problem Description:
A stack-based buffer overflow exists in the ssl_util_uuencode_binary
function in ssl_util.c in Apache. When mod_ssl is configured to trust
the issuing CA, a remote attacker may be able to execute arbitrary
code via a client certificate with a long subject DN.
The provided packages are patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
3111b612aa249513d3bfd62d660d84f5 10.0/RPMS/apache2-2.0.48-6.2.100mdk.i586.rpm
be7f4c6d9976385c6884762a67521a20 10.0/RPMS/apache2-common-2.0.48-6.2.100mdk.i586.rpm
510706a2c99f5f7cc5f3e77bdb5da5aa 10.0/RPMS/apache2-devel-2.0.48-6.2.100mdk.i586.rpm
f227a7c85de5ab4ccdc0b23afb6c7592 10.0/RPMS/apache2-manual-2.0.48-6.2.100mdk.i586.rpm
0f39dd91febd2c23330e9d1c493891b6 10.0/RPMS/apache2-mod_cache-2.0.48-6.2.100mdk.i586.rpm
df6e1335b214e94f0c674851ff3212cf 10.0/RPMS/apache2-mod_dav-2.0.48-6.2.100mdk.i586.rpm
b1c6a7416444501b8060bbdf8ca48f0a 10.0/RPMS/apache2-mod_deflate-2.0.48-6.2.100mdk.i586.rpm
b6280f32c97c63b5088012838bc89cba 10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.2.100mdk.i586.rpm
5c170c8430f68fb4a4afed4434b1e513 10.0/RPMS/apache2-mod_file_cache-2.0.48-6.2.100mdk.i586.rpm
23bc5e376539bcee81b457f730efd7fd 10.0/RPMS/apache2-mod_ldap-2.0.48-6.2.100mdk.i586.rpm
9ce5229a7cc6ab93d85ec012ce696494 10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.2.100mdk.i586.rpm
0c86183703f69db7cdb28de391d3f78e 10.0/RPMS/apache2-mod_proxy-2.0.48-6.2.100mdk.i586.rpm
b87416a718964d75904e529e52106063 10.0/RPMS/apache2-mod_ssl-2.0.48-6.2.100mdk.i586.rpm
432f0f4ae5e38e9b43b8364f324763dc 10.0/RPMS/apache2-modules-2.0.48-6.2.100mdk.i586.rpm
0427b1a08aabbd081cfca08af6071588 10.0/RPMS/apache2-source-2.0.48-6.2.100mdk.i586.rpm
f9ab0637af7ce7159d5252976ddd27e1 10.0/RPMS/libapr0-2.0.48-6.2.100mdk.i586.rpm
c2af0f267d9b0a31539c7c5e7fbdb4d9 10.0/SRPMS/apache2-2.0.48-6.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
b5434064b5ba9aa3295275029dd355f7 amd64/10.0/RPMS/apache2-2.0.48-6.2.100mdk.amd64.rpm
3e24450b95d3800cb2b53cbfe4247ed2 amd64/10.0/RPMS/apache2-common-2.0.48-6.2.100mdk.amd64.rpm
1513d147a1cd7e7d39b3544cef4452d8 amd64/10.0/RPMS/apache2-devel-2.0.48-6.2.100mdk.amd64.rpm
337ff1d5f687d7ea370d66244f1f773d amd64/10.0/RPMS/apache2-manual-2.0.48-6.2.100mdk.amd64.rpm
77a114c6f9a8719e1a1c190efef8744c amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.2.100mdk.amd64.rpm
0f4e28c95bf98b580974cef192aed867 amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.2.100mdk.amd64.rpm
25a8a1b55d27e905eaf152a4ac264dbd amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.2.100mdk.amd64.rpm
4c5dc9c54eb70194a3060a2365d6b4e8 amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.2.100mdk.amd64.rpm
d72b2779cd56ac23897071f6d8c62384 amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.2.100mdk.amd64.rpm
752d4bca2e9fd6815745ce2265250c67 amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.2.100mdk.amd64.rpm
d414e1317b44b367d42937dd476e8484 amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.2.100mdk.amd64.rpm
0c33ae8b773b13eb528aa1e1769e36fa amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.2.100mdk.amd64.rpm
fd54f99ef0c42360e09799cf881cd37b amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.2.100mdk.amd64.rpm
c2361c2527ebbeafef57034173d2840b amd64/10.0/RPMS/apache2-modules-2.0.48-6.2.100mdk.amd64.rpm
f799b8ddd90bca399459acd04b7010e0 amd64/10.0/RPMS/apache2-source-2.0.48-6.2.100mdk.amd64.rpm
e60ee45d646fb0a6bc6c20f18b7c30d3 amd64/10.0/RPMS/lib64apr0-2.0.48-6.2.100mdk.amd64.rpm
c2af0f267d9b0a31539c7c5e7fbdb4d9 amd64/10.0/SRPMS/apache2-2.0.48-6.2.100mdk.src.rpm
Mandrakelinux 9.1:
a11cbb72043587a99412d7052dcba791 9.1/RPMS/apache2-2.0.47-1.8.91mdk.i586.rpm
bbc02417b82fa4bc6b2b7a74a204c7c2 9.1/RPMS/apache2-common-2.0.47-1.8.91mdk.i586.rpm
4cf89cb891b0856ba8b162e67061ea1a 9.1/RPMS/apache2-devel-2.0.47-1.8.91mdk.i586.rpm
a96bfe336f16891d1d20a5a13b56a36f 9.1/RPMS/apache2-manual-2.0.47-1.8.91mdk.i586.rpm
fea9374b8a23495b08ef5adad4074d23 9.1/RPMS/apache2-mod_dav-2.0.47-1.8.91mdk.i586.rpm
88e51a6e2be5c81063e29c7429c63733 9.1/RPMS/apache2-mod_ldap-2.0.47-1.8.91mdk.i586.rpm
d33b565415852146de64b950e2aeb178 9.1/RPMS/apache2-mod_ssl-2.0.47-1.8.91mdk.i586.rpm
69a56bece8b91acfdc11e199dbe486c3 9.1/RPMS/apache2-modules-2.0.47-1.8.91mdk.i586.rpm
a17ba2052134939a3e5947f595162033 9.1/RPMS/apache2-source-2.0.47-1.8.91mdk.i586.rpm
5d0d10fe9603e84a1d48910c31eb783e 9.1/RPMS/libapr0-2.0.47-1.8.91mdk.i586.rpm
d3034e88376372e030e6933191fd2dc9 9.1/SRPMS/apache2-2.0.47-1.8.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
cdbeb822dbb99fda215877ea3e62b2b7 ppc/9.1/RPMS/apache2-2.0.47-1.8.91mdk.ppc.rpm
ea58b7fe2522668f5748d722e38536fb ppc/9.1/RPMS/apache2-common-2.0.47-1.8.91mdk.ppc.rpm
830e5778c4765b6d788e6edc0de9e06f ppc/9.1/RPMS/apache2-devel-2.0.47-1.8.91mdk.ppc.rpm
ce43d8231c6e6e923871744fd72596f5 ppc/9.1/RPMS/apache2-manual-2.0.47-1.8.91mdk.ppc.rpm
c88920e151a05c23dffe03998973e1a1 ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.8.91mdk.ppc.rpm
f5b23a897dd1ee750496a7d852e634c5 ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.8.91mdk.ppc.rpm
494663652f8644d56beace3df3c63f00 ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.8.91mdk.ppc.rpm
3e02de6e503834d5982510d549117bcf ppc/9.1/RPMS/apache2-modules-2.0.47-1.8.91mdk.ppc.rpm
cd2d7f0e97ae4bceb365332f868d986d ppc/9.1/RPMS/apache2-source-2.0.47-1.8.91mdk.ppc.rpm
7f1525deceba60b85382ec30b4bb8003 ppc/9.1/RPMS/libapr0-2.0.47-1.8.91mdk.ppc.rpm
d3034e88376372e030e6933191fd2dc9 ppc/9.1/SRPMS/apache2-2.0.47-1.8.91mdk.src.rpm
Mandrakelinux 9.2:
b45203ab6443ad24bc2373a82a9d0234 9.2/RPMS/apache2-2.0.47-6.5.92mdk.i586.rpm
f727f5ce2d9504484b6acf7589f6a981 9.2/RPMS/apache2-common-2.0.47-6.5.92mdk.i586.rpm
eafda47abdec2ac8e5898fb37c604def 9.2/RPMS/apache2-devel-2.0.47-6.5.92mdk.i586.rpm
8842f5bab2a525868d7ded2c7737bf38 9.2/RPMS/apache2-manual-2.0.47-6.5.92mdk.i586.rpm
e5eca4891a90df4777f83297fcb397d4 9.2/RPMS/apache2-mod_cache-2.0.47-6.5.92mdk.i586.rpm
c234e089f0d35fbcd62360f8ce3fa6fb 9.2/RPMS/apache2-mod_dav-2.0.47-6.5.92mdk.i586.rpm
623397c51d7b7239d169a997e7a365c0 9.2/RPMS/apache2-mod_deflate-2.0.47-6.5.92mdk.i586.rpm
1a884f364a4155eb18698dc3a7fb92f3 9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.5.92mdk.i586.rpm
5ee061ac770af13bfc11a600d4a65ea1 9.2/RPMS/apache2-mod_file_cache-2.0.47-6.5.92mdk.i586.rpm
88d9923fe86c2aa9eb3a249776ff8976 9.2/RPMS/apache2-mod_ldap-2.0.47-6.5.92mdk.i586.rpm
179cbd3f6cb9b1e8d3536134e0e35354 9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.5.92mdk.i586.rpm
9167804d711ee3a478cd7042a0aa523d 9.2/RPMS/apache2-mod_proxy-2.0.47-6.5.92mdk.i586.rpm
8ec772426dd2600b65021c5f60748c52 9.2/RPMS/apache2-mod_ssl-2.0.47-6.5.92mdk.i586.rpm
dcc9dba2ecc0e8fa7e8fe9dae75b0959 9.2/RPMS/apache2-modules-2.0.47-6.5.92mdk.i586.rpm
0b949c30da2754ae3b88a803cb45517a 9.2/RPMS/apache2-source-2.0.47-6.5.92mdk.i586.rpm
0833bcad1698f811d18bbb12ce11dc3c 9.2/RPMS/libapr0-2.0.47-6.5.92mdk.i586.rpm
1afd7ce470710ac3ed8f7ae4e344ff92 9.2/SRPMS/apache2-2.0.47-6.5.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
6744490bc56e70abf362927c3755db17 amd64/9.2/RPMS/apache2-2.0.47-6.5.92mdk.amd64.rpm
35e7d6f05a478db830a165aa05382a17 amd64/9.2/RPMS/apache2-common-2.0.47-6.5.92mdk.amd64.rpm
cfa01cdb3126e6a735ff69c936c1f9e5 amd64/9.2/RPMS/apache2-devel-2.0.47-6.5.92mdk.amd64.rpm
5e52e0ef523a8383cede0395c2c04430 amd64/9.2/RPMS/apache2-manual-2.0.47-6.5.92mdk.amd64.rpm
db785af0a804319de566134b585abb36 amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.5.92mdk.amd64.rpm
0c1fe531569925cfd812d1340489ecc5 amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.5.92mdk.amd64.rpm
f67dab1f37130bf6eb0ddfb65c4fdda9 amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.5.92mdk.amd64.rpm
ed8d8f03faff8ebbe3d88392fa94dcd4 amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.5.92mdk.amd64.rpm
e4ceff685c7aac3f156a05ecd91e73f4 amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.5.92mdk.amd64.rpm
0cedfd81e38b7af96a20a58d75afb4b6 amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.5.92mdk.amd64.rpm
ebee758fa628bcadd8a53cea587497a2 amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.5.92mdk.amd64.rpm
aa732eb8c3cd2d5f456e15cdcce6aa08 amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.5.92mdk.amd64.rpm
41e4d2277f0196b9a6e5d259f9df39c4 amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.5.92mdk.amd64.rpm
1014599e6cfb73e88cd8991cb8f78bfc amd64/9.2/RPMS/apache2-modules-2.0.47-6.5.92mdk.amd64.rpm
f91bc1ce80d21e5b2830e7c1aead5178 amd64/9.2/RPMS/apache2-source-2.0.47-6.5.92mdk.amd64.rpm
6d6fed31d95ee6b23f6fce0abe9e645a amd64/9.2/RPMS/lib64apr0-2.0.47-6.5.92mdk.amd64.rpm
1afd7ce470710ac3ed8f7ae4e344ff92 amd64/9.2/SRPMS/apache2-2.0.47-6.5.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAvP9RmqjQ0CJFipgRAnLWAJ9XhMeD5o0GtecsyXY8IVVQGGT8XwCeP562
+x53j3ohHo6aZEMnXAy7sko=
=EJEa
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists