MDKSA-2004:054
- Package name
- mod_ssl
- Date
- 2004-06-01
- Advisory ID
- MDKSA-2004:054
- Affected versions
- 9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , CS2.1 i586 , 10.0 i586 , 9.2 i586 , 9.1 i586 , MNF8.2 i586 , 9.1 i586
Problem description
A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem.
Updated packages
9.2 amd64
d46068aa64c2aa3c106428d6bcf5e480 amd64/9.2/RPMS/mod_ssl-2.8.15-1.1.92mdk.amd64.rpm 1bb3fbc11273a15fb681c8f94925154d amd64/9.2/SRPMS/mod_ssl-2.8.15-1.1.92mdk.src.rpm
CS2.1 x86_64
a9bb204c891b9f4e02d611ec5d26438b x86_64/corporate/2.1/RPMS/mod_ssl-2.8.10-5.3.C21mdk.x86_64.rpm 9dcf45014753c32281f3ef9424bdb4d3 x86_64/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.3.C21mdk.src.rpm
10.0 amd64
9443127cebae4776cba6a419faea6db9 amd64/10.0/RPMS/mod_ssl-2.8.16-1.1.100mdk.amd64.rpm 92c3494519927447e841b87e41c18030 amd64/10.0/SRPMS/mod_ssl-2.8.16-1.1.100mdk.src.rpm
CS2.1 i586
02f0643ee2c77e343e982d45272d2736 corporate/2.1/RPMS/mod_ssl-2.8.10-5.3.C21mdk.i586.rpm 9dcf45014753c32281f3ef9424bdb4d3 corporate/2.1/SRPMS/mod_ssl-2.8.10-5.3.C21mdk.src.rpm
10.0 i586
e835aa3c42443822b1bb38202a242864 10.0/RPMS/mod_ssl-2.8.16-1.1.100mdk.i586.rpm 92c3494519927447e841b87e41c18030 10.0/SRPMS/mod_ssl-2.8.16-1.1.100mdk.src.rpm
9.2 i586
806e5234ca391db643339020e719bc0f 9.2/RPMS/mod_ssl-2.8.15-1.1.92mdk.i586.rpm 1bb3fbc11273a15fb681c8f94925154d 9.2/SRPMS/mod_ssl-2.8.15-1.1.92mdk.src.rpm
9.1 i586
5cb8b20c7d25a23c41797fa9cc1515ff 9.1/RPMS/mod_ssl-2.8.12-8.1.91mdk.i586.rpm f8222566b9d5dfb1a920a73f16142d4a 9.1/SRPMS/mod_ssl-2.8.12-8.1.91mdk.src.rpm
MNF8.2 i586
9855760b94cdb77928ed1a480684bd7c mnf8.2/RPMS/mod_ssl-2.8.7-3.3.M82mdk.i586.rpm 4ad6b33008550170e737fdd9d69a72ed mnf8.2/SRPMS/mod_ssl-2.8.7-3.3.M82mdk.src.rpm
9.1 i586
254ddacd51c9a8a82207c4a268c064f6 ppc/9.1/RPMS/mod_ssl-2.8.12-8.1.91mdk.ppc.rpm f8222566b9d5dfb1a920a73f16142d4a ppc/9.1/SRPMS/mod_ssl-2.8.12-8.1.91mdk.src.rpm