mod_ssl 2.8.18-1.3.31: Security Fix

Pią, 28 Maj 2004, 10:21:42 CEST

On Fri, 28 May 2004, Arkadiusz Patyk wrote:
> Wykryto buga w mod_ssl < 2.8.18-1.3.31.
> 
> Vulnerability:       arbitrary code execution  
> Description:                                                                                        
>   Georgi Guninski discovered [1] a stack-based buffer overflow in                                   
>   the "SSLOptions +FakeBasicAuth" implementation of Apache's SSL/TLS                                
>   extension module mod_ssl [0]. The overflow can occur if the Subject-DN                            
>   in the client certificate exceeds 6KB in length and mod_ssl is
>   configured to trust the issuing CA. The Common Vulnerabilities and                                
>   Exposures (CVE) project assigned the id CAN-2004-0488 [2] to the                                  
>   problem.                                                                                         
> 
> Zaktualizowałem na HEAD i RA-branch. Proszę o puszczenie na buildery
> i umieszenia na ftp ASAP. 

[RA] Poszło do pieca

-- 
pozdr.  Paweł Gołaszewski 
---------------------------------
My jsme borgové. Odpor je marný, budete asimilováni...