Package name
mod_ssl
Date
2004-06-01
Advisory ID
MDKSA-2004:054
Affected versions
9.2 amd64, CS2.1 x86_64, 10.0 amd64, CS2.1 i586, 10.0 i586, 9.2 i586, 9.1 i586, MNF8.2 i586, 9.1 i586

Problem description

A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem.
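An added illustration of the bug class described above, not mod_ssl's code and not the vendor patch: a binary-to-text encoder expands its input by a third, so a value that fits a fixed buffer unencoded can overflow it once encoded. The function name, buffer sizes and sample DN are hypothetical, and standard base64 is assumed as the encoding.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not mod_ssl source. All names are hypothetical. */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode src[0..n) into dst (dst_len bytes, NUL included).
 * Returns the encoded length, or -1 if the output would not fit.
 * The size is checked before a single byte is written. */
long encode_bounded(char *dst, size_t dst_len,
                    const unsigned char *src, size_t n)
{
    size_t groups = n / 3 + (n % 3 != 0); /* each 3-byte group -> 4 chars */
    size_t i, o = 0;

    if (dst_len == 0 || groups > (dst_len - 1) / 4)
        return -1;

    for (i = 0; i + 2 < n; i += 3) {
        dst[o++] = B64[src[i] >> 2];
        dst[o++] = B64[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
        dst[o++] = B64[((src[i + 1] & 0x0f) << 2) | (src[i + 2] >> 6)];
        dst[o++] = B64[src[i + 2] & 0x3f];
    }
    if (i < n) { /* 1 or 2 trailing bytes, padded with '=' */
        unsigned b1 = (i + 1 < n) ? src[i + 1] : 0;
        dst[o++] = B64[src[i] >> 2];
        dst[o++] = B64[((src[i] & 0x03) << 4) | (b1 >> 4)];
        dst[o++] = (i + 1 < n) ? B64[(b1 & 0x0f) << 2] : '=';
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return (long)o;
}

int main(void)
{
    char out[128];                 /* fixed-size destination */
    unsigned char dn[100];         /* constructed stand-in for a subject DN */
    memset(dn, 'A', sizeof dn);
    /* 100 bytes fit in 128, but their encoding needs 136 + NUL: rejected. */
    printf("100-byte DN: %ld\n", encode_bounded(out, sizeof out, dn, 100));
    /* 93 bytes encode to 124 chars + NUL, which fits. */
    printf(" 93-byte DN: %ld\n", encode_bounded(out, sizeof out, dn, 93));
    return 0;
}
```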

Updated packages

9.2 amd64

 d46068aa64c2aa3c106428d6bcf5e480  amd64/9.2/RPMS/mod_ssl-2.8.15-1.1.92mdk.amd64.rpm
1bb3fbc11273a15fb681c8f94925154d  amd64/9.2/SRPMS/mod_ssl-2.8.15-1.1.92mdk.src.rpm

CS2.1 x86_64

 a9bb204c891b9f4e02d611ec5d26438b  x86_64/corporate/2.1/RPMS/mod_ssl-2.8.10-5.3.C21mdk.x86_64.rpm
9dcf45014753c32281f3ef9424bdb4d3  x86_64/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.3.C21mdk.src.rpm

10.0 amd64

 9443127cebae4776cba6a419faea6db9  amd64/10.0/RPMS/mod_ssl-2.8.16-1.1.100mdk.amd64.rpm
92c3494519927447e841b87e41c18030  amd64/10.0/SRPMS/mod_ssl-2.8.16-1.1.100mdk.src.rpm

CS2.1 i586

 02f0643ee2c77e343e982d45272d2736  corporate/2.1/RPMS/mod_ssl-2.8.10-5.3.C21mdk.i586.rpm
9dcf45014753c32281f3ef9424bdb4d3  corporate/2.1/SRPMS/mod_ssl-2.8.10-5.3.C21mdk.src.rpm

10.0 i586

 e835aa3c42443822b1bb38202a242864  10.0/RPMS/mod_ssl-2.8.16-1.1.100mdk.i586.rpm
92c3494519927447e841b87e41c18030  10.0/SRPMS/mod_ssl-2.8.16-1.1.100mdk.src.rpm

9.2 i586

 806e5234ca391db643339020e719bc0f  9.2/RPMS/mod_ssl-2.8.15-1.1.92mdk.i586.rpm
1bb3fbc11273a15fb681c8f94925154d  9.2/SRPMS/mod_ssl-2.8.15-1.1.92mdk.src.rpm

9.1 i586

 5cb8b20c7d25a23c41797fa9cc1515ff  9.1/RPMS/mod_ssl-2.8.12-8.1.91mdk.i586.rpm
f8222566b9d5dfb1a920a73f16142d4a  9.1/SRPMS/mod_ssl-2.8.12-8.1.91mdk.src.rpm

MNF8.2 i586

 9855760b94cdb77928ed1a480684bd7c  mnf8.2/RPMS/mod_ssl-2.8.7-3.3.M82mdk.i586.rpm
4ad6b33008550170e737fdd9d69a72ed  mnf8.2/SRPMS/mod_ssl-2.8.7-3.3.M82mdk.src.rpm

9.1 i586

 254ddacd51c9a8a82207c4a268c064f6  ppc/9.1/RPMS/mod_ssl-2.8.12-8.1.91mdk.ppc.rpm
f8222566b9d5dfb1a920a73f16142d4a  ppc/9.1/SRPMS/mod_ssl-2.8.12-8.1.91mdk.src.rpm

References