blob: 4a00f5c52c58c2cdae24416fae3831b621817222 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
#use wml::debian::translation-check translation="1.2" maintainer=""
#pddp rafalm80
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Two vulnerabilities were discovered in libapache-mod-ssl:</p>
<ul>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a>
<p>Stack-based buffer overflow in the
ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl,
when mod_ssl is configured to trust the issuing CA, may allow remote
attackers to execute arbitrary code via a client certificate with a
long subject DN.</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0700">CAN-2004-0700</a>
<p>Format string vulnerability in the ssl_log function
in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow
remote attackers to execute arbitrary messages via format string
specifiers in certain log messages for HTTPS.</p>
</ul>
<p>For the current stable distribution (woody), these problems have been
fixed in version 2.8.9-2.4.</p>
<p>For the unstable distribution (sid), <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</a> was fixed in
version 2.8.18, and <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0700">CAN-2004-0700</a> will be fixed soon.</p>
<p>We recommend that you update your libapache-mod-ssl package.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2004/dsa-532.data"
|
