A security issue was discovered.
It is now fixed with mod_ssl 2.8.18.
Please upgrade your installations ASAP.

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

  Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004)

   *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
      if the Subject-DN in the client certificate exceeds 6KB in length.
      (CVE CAN-2004-0488).

   *) Handle the case of OpenSSL retry requests after interrupted system
      calls during the SSL handshake phase.

   *) Remove some unused functions.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to