Mandriva Advisories

Package name: mod_ssl
Date: August 8th, 2002
Advisory ID: MDKSA-2002:048
Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, CS1.0
Synopsis: Updated mod_ssl packages fix buffer overflow

Problem Description

Frank Denis discovered an off-by-one error in mod_ssl's handling of
older configuration directives (the rewrite_command hook). A malicious
user could use a specially crafted .htaccess file to execute arbitrary
commands as the apache user or cause a denial of service (DoS) against
the Apache child processes.

This vulnerability is fixed in mod_ssl 2.8.10; patches have been
applied to correct this problem in these packages.

Updated Packages

Mandrakelinux 7.1

 8f336f83c0ad7ba0f21da3f805839b77  7.1/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  7.1/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

Mandrakelinux 7.2

 39ce2c8b476fd8069c8f0fe7aedbef21  7.2/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  7.2/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

Mandrakelinux 8.0

 3f8e7d148ea509d27d0e59587ac86602  8.0/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  8.0/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

Mandrakelinux 8.0/PPC

 d9e727172d7147dc3ec9140c24fcacff  ppc/8.0/RPMS/mod_ssl-2.8.5-3.1mdk.ppc.rpm
9f28eb3330d357a7bb7e27fb16da757b  ppc/8.0/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

Mandrakelinux 8.1

 7817c09901d4be439fd00bfd4cf9cc1b  8.1/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  8.1/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

Mandrakelinux 8.1/IA64

 f55a946cac1b64bf4c9b1952aa9b779a  ia64/8.1/RPMS/mod_ssl-2.8.5-3.1mdk.ia64.rpm
9f28eb3330d357a7bb7e27fb16da757b  ia64/8.1/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

Mandrakelinux 8.2

 406eee7d9607cf40f5cea3376fe38697  8.2/RPMS/mod_ssl-2.8.7-3.1mdk.i586.rpm
9e421423dc9cef30f0a1b04a49ab87da  8.2/SRPMS/mod_ssl-2.8.7-3.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 01fc7c44707f19136d6f31b75ad754e1  ppc/8.2/RPMS/mod_ssl-2.8.7-3.1mdk.ppc.rpm
9e421423dc9cef30f0a1b04a49ab87da  ppc/8.2/SRPMS/mod_ssl-2.8.7-3.1mdk.src.rpm

Corporate Server 1.0.1

 8f336f83c0ad7ba0f21da3f805839b77  1.0.1/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  1.0.1/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
http://marc.theaimsgroup.com/?l=apache-modssl&m=102491918531562

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
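
The manual check described above, as an added example that is not part of the original advisory or of Mandriva's tooling: it looks up the MD5 the advisory lists for a package path, compares it with the downloaded file, and only then runs rpm --checksig. The function names and the file holding the saved checksum lines are assumptions.

```shell
#!/bin/sh
# Added example; function names and the saved list file are assumptions.
# Usage: sh <this script> LIST PATH FILE
#   LIST = checksum lines copied from the advisory ("md5  path", one per line)
#   PATH = package path as written in the advisory, FILE = downloaded RPM

# expected_md5 LIST PATH: print the MD5 the advisory lists for PATH.
# awk's default field splitting tolerates the leading space some lines carry.
expected_md5() {
    awk -v p="$2" '$2 == p { print $1; found = 1; exit }
                   END { exit !found }' "$1"
}

# verify_md5 LIST PATH FILE
# returns 0 = match, 1 = mismatch, 2 = PATH not in LIST, 3 = FILE unreadable
verify_md5() {
    [ -r "$3" ] || return 3
    want=$(expected_md5 "$1" "$2") || return 2
    got=$(md5sum "$3" | awk '{ print $1 }')
    [ "$want" = "$got" ] || return 1
}

# check_pkg LIST PATH FILE: checksum comparison first, then the signature
# check. rpm --checksig needs the packager's GPG public key to be available.
check_pkg() {
    verify_md5 "$1" "$2" "$3" || {
        echo "checksum check failed for $3" >&2
        return 1
    }
    rpm --checksig "$3"
}

if [ "$#" -eq 3 ]; then
    check_pkg "$@"
fi
```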