We've today found an ssl_log() related format string vulnerability in
the mod_proxy hook functions of mod_ssl for Apache 1.3.x (mod_ssl for
Apache 2.x is not affected). A mod_ssl 2.8.19 for Apache 1.3.31 was
created which fixes this potential security hole.

Get mod_ssl-2.8.19-1.3.31.tar.gz from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
Official Announcement Mailing List          [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to