MDKSA-2002:020

Nom du paquet

mod_ssl

Date

2002-03-07

Advisory ID

MDKSA-2002:020

Affected versions

8.1 i586 , SNF7.2 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.0 i586 , 7.1 i586 , 7.2 i586

Problem description

Ed Moyle discovered a buffer overflow in mod_ssl's session caching mechanisms that use shared memory and dbm. This could potentially be triggered by sending a very long client certificate to the server.

Updated packages

8.1 i586

 59974b39c67f4e2773416349c8207d54  ia64/8.1/RPMS/mod_ssl-2.8.5-2.1mdk.ia64.rpm
8e9e7f26e64e15d4323e69cc9afad15e  ia64/8.1/SRPMS/mod_ssl-2.8.5-2.1mdk.src.rpm

SNF7.2 i586

 27f5f01c9f3ec9fda3af4661fa84c9f5  snf7.2/RPMS/mod_ssl-2.8.4-4.2mdk.i586.rpm
5421309dd07559693f07800528561612  snf7.2/SRPMS/mod_ssl-2.8.4-4.2mdk.src.rpm

CS1.0 i586

 57b34a081cca5b85aae6c097d067316a  1.0.1/RPMS/mod_ssl-2.8.5-2.4mdk.i586.rpm
5189233df0f03cb8fe78675dc4b7b58b  1.0.1/SRPMS/mod_ssl-2.8.5-2.4mdk.src.rpm

8.1 i586

 020058f4fd26dc78480804caf5cd0044  8.1/RPMS/mod_ssl-2.8.5-2.1mdk.i586.rpm
8e9e7f26e64e15d4323e69cc9afad15e  8.1/SRPMS/mod_ssl-2.8.5-2.1mdk.src.rpm

8.0 i586

 25812a052c7e82db4015c80395d0a142  8.0/RPMS/mod_ssl-2.8.5-2.2mdk.i586.rpm
ae2ab6e8cd666f6171b682f69340e0df  8.0/SRPMS/mod_ssl-2.8.5-2.2mdk.src.rpm

8.0 i586

 53b213329a866d92c4a70273cf0b591d  ppc/8.0/RPMS/mod_ssl-2.8.5-2.2mdk.ppc.rpm
ae2ab6e8cd666f6171b682f69340e0df  ppc/8.0/SRPMS/mod_ssl-2.8.5-2.2mdk.src.rpm

7.1 i586

 57b34a081cca5b85aae6c097d067316a  7.1/RPMS/mod_ssl-2.8.5-2.4mdk.i586.rpm
5189233df0f03cb8fe78675dc4b7b58b  7.1/SRPMS/mod_ssl-2.8.5-2.4mdk.src.rpm

7.2 i586

 b1fd2e18a7d3b8d512e2bf858c040282  7.2/RPMS/mod_ssl-2.8.5-2.3mdk.i586.rpm
09c08fd15d6e826188f51a41a047b568  7.2/SRPMS/mod_ssl-2.8.5-2.3mdk.src.rpm

References

• http://online.securityfocus.com/bid/4189