Date: Fri, 28 Jun 2002 14:05:09 +0200
From: (Trustix Secure Linux Advisor) <tsl@trustix.com>
To: bugtraq@securityfocus.com
Subject: TSL-2002-0058 - apache/mod_ssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0058
Package name: apache
Summary: Security fix
Date: 2002-06-26
Affected versions: TSL 1.1, 1.2, 1.5
- --------------------------------------------------------------------------
Problem description:
The mod_ssl team have upgraded their code due to a off-by-one buffer
overflow bug in the compatibility functionality (mapping of old directives
to new ones)
We don't have any indication that this issue is in any way exploitable,
but since the upstream vendor has released a new version, we want to
upgrade the package.
Action:
We recommend that all systems with this package installed are upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>;
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>;
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Get SWUP from:
<URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>;
Public testing:
These packages have been available for public testing for some time.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailinglist.
The testing tree is located at
<URI:http://www.trustix.net/pub/Trustix/testing/>;
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>;
Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>;
Verification:
This advisory along with all TSL packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>;
The advisory itself is available from the errata pages at
<URI:http://www.trustix.net/errata/trustix-1.2/>; and
<URI:http://www.trustix.net/errata/trustix-1.5/>;
or directly at
<URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0058-apache.asc.txt>;
MD5sums of the packages:
- --------------------------------------------------------------------------
c3c52147e70e32b67e37a698eed17c02 ./1.5/SRPMS/apache-1.3.26-2tr.src.rpm
706a30c5c6790f7543a68b374be84e42 ./1.5/RPMS/apache-devel-1.3.26-2tr.i586.rpm
9530d767981081c524e0f30dc58cc9aa ./1.5/RPMS/apache-1.3.26-2tr.i586.rpm
c3c52147e70e32b67e37a698eed17c02 ./1.2/SRPMS/apache-1.3.26-2tr.src.rpm
37262e06a438416089ee991cfa754d19 ./1.2/RPMS/apache-devel-1.3.26-2tr.i586.rpm
e116c878bf1d51365ddf1a8a2b9fb585 ./1.2/RPMS/apache-1.3.26-2tr.i586.rpm
c3c52147e70e32b67e37a698eed17c02 ./1.1/SRPMS/apache-1.3.26-2tr.src.rpm
4662fad3cbe2a1a8d07732977fa98e68 ./1.1/RPMS/apache-devel-1.3.26-2tr.i586.rpm
e61b8f70992aff98d49012922dbe3010 ./1.1/RPMS/apache-1.3.26-2tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9GcbbwRTcg4BxxS0RAtiXAJ9wQ8stwabLQllEHMhOWeUL2bVjEwCaAoYR
OlLRMhX3vBZFX6YQrOlMCBg=
=ThLo
-----END PGP SIGNATURE-----
