From security@linux-mandrake.com Wed Aug 4 17:00:53 2004 From: Mandrake Linux Security Team To: full-disclosure@lists.netsys.com Date: 28 Jul 2004 01:26:08 -0000 Subject: [Full-Disclosure] MDKSA-2004:075 - Updated mod_ssl packages fix potential vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: mod_ssl Advisory ID: MDKSA-2004:075 Date: July 27th, 2004 Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 ______________________________________________________________________ Problem Description: Ralf S. Engelschall found a remaining risky call to ssl_log while reviewing code for another issue reported by Virulent. The updated packages are patched to correct the problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0700 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: 67b5f2830144f4f23252c6e790024913 10.0/RPMS/mod_ssl-2.8.16-1.2.100mdk.i586.rpm bc3d01ea44136b134f465f9477f4907c 10.0/SRPMS/mod_ssl-2.8.16-1.2.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 0e20fd551d0db86fb01bf1cac1fc0d00 amd64/10.0/RPMS/mod_ssl-2.8.16-1.2.100mdk.amd64.rpm bc3d01ea44136b134f465f9477f4907c amd64/10.0/SRPMS/mod_ssl-2.8.16-1.2.100mdk.src.rpm Corporate Server 2.1: ced0b61893293095a5f229728e4cbdb2 corporate/2.1/RPMS/mod_ssl-2.8.10-5.4.C21mdk.i586.rpm 543976686dac61408092c2d90faf45be corporate/2.1/SRPMS/mod_ssl-2.8.10-5.4.C21mdk.src.rpm Corporate Server 2.1/x86_64: 200c8254e7bbd46c8f9d5288803d33a1 x86_64/corporate/2.1/RPMS/mod_ssl-2.8.10-5.4.C21mdk.x86_64.rpm 543976686dac61408092c2d90faf45be x86_64/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.4.C21mdk.src.rpm Mandrakelinux 9.1: e58304a3bbc0581e643e5609e95b8230 9.1/RPMS/mod_ssl-2.8.12-8.2.91mdk.i586.rpm c752c0ae8d6d034eb61c1a967e0e50f0 9.1/SRPMS/mod_ssl-2.8.12-8.2.91mdk.src.rpm Mandrakelinux 9.1/PPC: c3ad8be79ca34e4a08d9d50d8c0e2178 ppc/9.1/RPMS/mod_ssl-2.8.12-8.2.91mdk.ppc.rpm c752c0ae8d6d034eb61c1a967e0e50f0 ppc/9.1/SRPMS/mod_ssl-2.8.12-8.2.91mdk.src.rpm Mandrakelinux 9.2: 51a525a5e2da3af2812d6f502dcb55ea 9.2/RPMS/mod_ssl-2.8.15-1.2.92mdk.i586.rpm faf4f30d6757b581b407e6dc645e17c0 9.2/SRPMS/mod_ssl-2.8.15-1.2.92mdk.src.rpm Mandrakelinux 9.2/AMD64: daf5b6b738aa5010619fc2cdf8817112 amd64/9.2/RPMS/mod_ssl-2.8.15-1.2.92mdk.amd64.rpm faf4f30d6757b581b407e6dc645e17c0 amd64/9.2/SRPMS/mod_ssl-2.8.15-1.2.92mdk.src.rpm Multi Network Firewall 8.2: 03dd0105896ff42ed4cd1fe48d3f62d7 mnf8.2/RPMS/mod_ssl-2.8.7-3.4.M82mdk.i586.rpm 7c306e82940c73410ccf8e9bb635adea mnf8.2/SRPMS/mod_ssl-2.8.7-3.4.M82mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBBwCwmqjQ0CJFipgRAvsqAJ4uzwldl0Yf+paawKs3W1wFZF/uQQCfT2pL yKWNwpXW9uoHgKYcFbnoho0= =itL+ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html