mod_ssl 2.8.18-1.3.31: Security Fix
Paweł Gołaszewski
blues at ds.pg.gda.pl
Fri May 28 10:21:42 CEST 2004
On Fri, 28 May 2004, Arkadiusz Patyk wrote:
> Wykryto buga w mod_ssl < 2.8.18-1.3.31.
>
> Vulnerability: arbitrary code execution
> Description:
> Georgi Guninski discovered [1] a stack-based buffer overflow in
> the "SSLOptions +FakeBasicAuth" implementation of Apache's SSL/TLS
> extension module mod_ssl [0]. The overflow can occur if the Subject-DN
> in the client certificate exceeds 6KB in length and mod_ssl is
> configured to trust the issuing CA. The Common Vulnerabilities and
> Exposures (CVE) project assigned the id CAN-2004-0488 [2] to the
> problem.
>
> Zaktualizowałem na HEAD i RA-branch. Proszę o puszczenie na buildery
> i umieszenia na ftp ASAP.
[RA] Poszło do pieca
--
pozdr. Paweł Gołaszewski
---------------------------------
My jsme borgové. Odpor je marný, budete asimilováni...
More information about the pld-devel-pl
mailing list