There is new vulnerablity in mod_ssl
If this was regular system I would simply uprgade my port( I am on FreedBSD). When DA is there how do I uprgade ?
----------------------------------------------------------------------------
Two vulnerabilities were discovered in libapache-mod-ssl:
CAN-2004-0488 - Stack-based buffer overflow in the
ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl,
when mod_ssl is configured to trust the issuing CA, may allow remote
attackers to execute arbitrary code via a client certificate with a
long subject DN.
CAN-2004-0700 - Format string vulnerability in the ssl_log function
in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow
remote attackers to execute arbitrary messages via format string
specifiers in certain log messages for HTTPS.
-------------------------------------------------------------------------------
Thanks,
Peter
If this was regular system I would simply uprgade my port( I am on FreedBSD). When DA is there how do I uprgade ?
----------------------------------------------------------------------------
Two vulnerabilities were discovered in libapache-mod-ssl:
CAN-2004-0488 - Stack-based buffer overflow in the
ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl,
when mod_ssl is configured to trust the issuing CA, may allow remote
attackers to execute arbitrary code via a client certificate with a
long subject DN.
CAN-2004-0700 - Format string vulnerability in the ssl_log function
in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow
remote attackers to execute arbitrary messages via format string
specifiers in certain log messages for HTTPS.
-------------------------------------------------------------------------------
Thanks,
Peter
)