Eridani alert ERISA-2002:029 (mod_ssl)
| From: | Eridani Star System <linux@eridani.co.uk> | |
| To: | eridani-announce@eridani.co.uk | |
| Subject: | [Eridani-Announce] ERISA-2002:029 - mod_ssl (apache) | |
| Date: | Thu, 25 Jul 2002 21:49:04 +0100 (BST) |
========================================================================= ERIDANI LINUX - SECURITY ANNOUNCEMENT ========================================================================= Package: mod_ssl (apache) Summary: Off-by-one local code execution and DoS vulnerability Date: 2002-07-25 ID: ERISA-2002:029 ========================================================================= Problem description: Mod-ssl provides strong cryptography for the Apache webserver via the Secure Sockets Layer (SSL). A maliciously-crafted .htaccess file, may be used by an attacker to execute arbitrary commands as the httpd user or launch a denial of service attack. The problem is fixed in mod_ssl 2.8.10. ------------------------------------------------------------------------- Updated packages: 214390279c17f1b510360339706da7c0 apache-1.3.26-2.src.rpm 7036150e09ae529b8eb3fd80c880b085 apache-1.3.26-2.i386.rpm 147f95c7eb05627028cfac9bec12afb1 apache-devel-1.3.26-2.i386.rpm 7bfcb4acdae3d7c678d577ef448aa5c5 apache-manual-1.3.26-2.i386.rpm c8cf8ff5c469a3d04d66073c10236a62 mod_ssl-2.8.10-2.i386.rpm ------------------------------------------------------------------------- References: http://lwn.net/Articles/3848/ ========================================================================= Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/ or by HTTP from http://ftp.eridani.co.uk/ Packages are signed with our GNU GPG key, also on our FTP site. Users of releases of Eridani Linux prior to 6.3 are advised to download the source RPM and rebuild for their system. Copyright (C)2002 Eridani Star System -- Michael "Soruk" McConnell http://www.eridani.co.uk Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more... _______________________________________________ Eridani-Announce mailing list To be removed from this list email linux@eridani.co.uk requesting removal.