From tsl@trustix.com Sun Jun 30 19:02:02 2002
From: Trustix Secure Linux Advisor
To: bugtraq@securityfocus.com
Date: Fri, 28 Jun 2002 14:05:09 +0200
Subject: TSL-2002-0058 - apache/mod_ssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0058

Package name:      apache
Summary:           Security fix
Date:              2002-06-26
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  The mod_ssl team have upgraded their code due to an off-by-one buffer
  overflow bug in the compatibility functionality (mapping of old
  directives to new ones).

  We don't have any indication that this issue is in any way exploitable,
  but since the upstream vendor has released a new version, we want to
  upgrade the package.

Action:
  We recommend that all systems with this package installed are upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All TSL updates are available from

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:

Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at

Questions?
  Check out our mailing lists:

Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:

  The advisory itself is available from the errata pages at
  and
  or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
c3c52147e70e32b67e37a698eed17c02  ./1.5/SRPMS/apache-1.3.26-2tr.src.rpm
706a30c5c6790f7543a68b374be84e42  ./1.5/RPMS/apache-devel-1.3.26-2tr.i586.rpm
9530d767981081c524e0f30dc58cc9aa  ./1.5/RPMS/apache-1.3.26-2tr.i586.rpm
c3c52147e70e32b67e37a698eed17c02  ./1.2/SRPMS/apache-1.3.26-2tr.src.rpm
37262e06a438416089ee991cfa754d19  ./1.2/RPMS/apache-devel-1.3.26-2tr.i586.rpm
e116c878bf1d51365ddf1a8a2b9fb585  ./1.2/RPMS/apache-1.3.26-2tr.i586.rpm
c3c52147e70e32b67e37a698eed17c02  ./1.1/SRPMS/apache-1.3.26-2tr.src.rpm
4662fad3cbe2a1a8d07732977fa98e68  ./1.1/RPMS/apache-devel-1.3.26-2tr.i586.rpm
e61b8f70992aff98d49012922dbe3010  ./1.1/RPMS/apache-1.3.26-2tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9GcbbwRTcg4BxxS0RAtiXAJ9wQ8stwabLQllEHMhOWeUL2bVjEwCaAoYR
OlLRMhX3vBZFX6YQrOlMCBg=
=ThLo
-----END PGP SIGNATURE-----
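
Added example, not part of the Trustix advisory: one way to check downloaded packages against the "MD5sums of the packages" block above. It assumes the advisory's PGP signature has already been verified (the checksum list is only as trustworthy as that signature) and that the local directory mirrors the ./<release>/RPMS layout used in the list; the function names and the demo file are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A checksum line as printed in the advisory: "<32 hex digits>  ./<release>/<dir>/<file>.rpm"
ENTRY = re.compile(r"^([0-9a-f]{32})\s+\./(\S+\.rpm)$")

def parse_md5_list(advisory_text):
    """Return {relative_path: md5} from the 'MD5sums of the packages:' block."""
    entries, in_block = {}, False
    for line in advisory_text.splitlines():
        line = line.strip()
        if line.startswith("MD5sums of the packages"):
            in_block = True
        elif line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # nothing after the signed body belongs to the list
        elif in_block and (m := ENTRY.match(line)):
            entries[m.group(2)] = m.group(1)  # separator lines do not match
    return entries

def md5_of(path):
    """MD5 of a file, read in chunks so large packages are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(advisory_text, mirror_root, release):
    """Check each package listed for one release (e.g. '1.5') under mirror_root."""
    results = {}
    for rel, want in parse_md5_list(advisory_text).items():
        if not rel.startswith(release + "/"):
            continue  # entry belongs to another TSL release
        path = Path(mirror_root) / rel
        if not path.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if md5_of(path) == want else "MISMATCH"
    return results

if __name__ == "__main__":
    # Constructed demo: a throwaway file stands in for a downloaded package.
    with tempfile.TemporaryDirectory() as root:
        pkg = Path(root, "1.5/RPMS/demo-1.0.i586.rpm")
        pkg.parent.mkdir(parents=True)
        pkg.write_bytes(b"constructed package bytes")
        text = f"MD5sums of the packages:\n{md5_of(pkg)}  ./1.5/RPMS/demo-1.0.i586.rpm\n"
        print(verify(text, root, "1.5"))
```

A "MISMATCH" or "missing" result means the package should not be installed until it has been fetched again and rechecked.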