Date: 28 Jul 2004 01:26:08 -0000
From: Mandrake Linux Security Team <security@linux-mandrake.com>
To: bugtraq@securityfocus.com
Subject: MDKSA-2004:075 - Updated mod_ssl packages fix potential vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: mod_ssl
Advisory ID: MDKSA-2004:075
Date: July 27th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
Ralf S. Engelschall found a remaining risky call to ssl_log while
reviewing code for another issue reported by Virulent. The updated
packages are patched to correct the problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0700
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
67b5f2830144f4f23252c6e790024913 10.0/RPMS/mod_ssl-2.8.16-1.2.100mdk.i586.rpm
bc3d01ea44136b134f465f9477f4907c 10.0/SRPMS/mod_ssl-2.8.16-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
0e20fd551d0db86fb01bf1cac1fc0d00 amd64/10.0/RPMS/mod_ssl-2.8.16-1.2.100mdk.amd64.rpm
bc3d01ea44136b134f465f9477f4907c amd64/10.0/SRPMS/mod_ssl-2.8.16-1.2.100mdk.src.rpm
Corporate Server 2.1:
ced0b61893293095a5f229728e4cbdb2 corporate/2.1/RPMS/mod_ssl-2.8.10-5.4.C21mdk.i586.rpm
543976686dac61408092c2d90faf45be corporate/2.1/SRPMS/mod_ssl-2.8.10-5.4.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
200c8254e7bbd46c8f9d5288803d33a1 x86_64/corporate/2.1/RPMS/mod_ssl-2.8.10-5.4.C21mdk.x86_64.rpm
543976686dac61408092c2d90faf45be x86_64/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.4.C21mdk.src.rpm
Mandrakelinux 9.1:
e58304a3bbc0581e643e5609e95b8230 9.1/RPMS/mod_ssl-2.8.12-8.2.91mdk.i586.rpm
c752c0ae8d6d034eb61c1a967e0e50f0 9.1/SRPMS/mod_ssl-2.8.12-8.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
c3ad8be79ca34e4a08d9d50d8c0e2178 ppc/9.1/RPMS/mod_ssl-2.8.12-8.2.91mdk.ppc.rpm
c752c0ae8d6d034eb61c1a967e0e50f0 ppc/9.1/SRPMS/mod_ssl-2.8.12-8.2.91mdk.src.rpm
Mandrakelinux 9.2:
51a525a5e2da3af2812d6f502dcb55ea 9.2/RPMS/mod_ssl-2.8.15-1.2.92mdk.i586.rpm
faf4f30d6757b581b407e6dc645e17c0 9.2/SRPMS/mod_ssl-2.8.15-1.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
daf5b6b738aa5010619fc2cdf8817112 amd64/9.2/RPMS/mod_ssl-2.8.15-1.2.92mdk.amd64.rpm
faf4f30d6757b581b407e6dc645e17c0 amd64/9.2/SRPMS/mod_ssl-2.8.15-1.2.92mdk.src.rpm
Multi Network Firewall 8.2:
03dd0105896ff42ed4cd1fe48d3f62d7 mnf8.2/RPMS/mod_ssl-2.8.7-3.4.M82mdk.i586.rpm
7c306e82940c73410ccf8e9bb635adea mnf8.2/SRPMS/mod_ssl-2.8.7-3.4.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBBwCwmqjQ0CJFipgRAvsqAJ4uzwldl0Yf+paawKs3W1wFZF/uQQCfT2pL
yKWNwpXW9uoHgKYcFbnoho0=
=itL+
-----END PGP SIGNATURE-----
