New mod_ssl packages are available for Slack/390 9.0, 9.1, and -current to
fix a security issue.  A format string vulnerability in mod_proxy hook
functions could allow an attacker to run code as the mod_ssl user.  Sites
using mod_ssl should upgrade (be sure to back up your existing key files
first).

Here are the details from the Slack/390 -current ChangeLog:
+--------------------------+
Mon Jul 26 12:04:25 EDT 2004
patches/packages/mod_ssl-2.8.19_1.3.31-s390-1.tgz:
  Upgraded to mod_ssl-2.8.19-1.3.31.
  This fixes a security hole (ssl_log() related format string
  vulnerability in mod_proxy hook functions), so sites using mod_ssl
  should upgrade to the new version.  Be sure to back up your existing
  key files first.
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slack/390 9.0:
ftp://ftp.ibiblio.org/pub/Linux/distributions/slack390/slack390-9.0/slackware/n/mod_ssl-2.8.19_1.3.31-s390-1.tgz

Updated package for Slack/390 9.1:
ftp://ftp.ibiblio.org/pub/Linux/distributions/slack390/slack390-9.1/patches/packages/mod_ssl-2.8.19_1.3.31-s390-1.tgz

Updated package for Slack/390 -current:
ftp://ftp.ibiblio.org/pub/Linux/distributions/slack390/slack390-current/patches/packages/mod_ssl-2.8.19_1.3.31-s390-1.tgz


MD5 signatures:
+-------------+

Slack/390 9.0 package:
46d2c08cb53012fa8f926accbb6678e2  mod_ssl-2.8.19_1.3.31-s390-1.tgz

Slack/390 9.1 package:
9c5eb48ed8804d8cff98955426c52995  mod_ssl-2.8.19_1.3.31-s390-1.tgz

Slack/390 -current package:
9457fabc06d1ef10872bdbd386d08659  mod_ssl-2.8.19_1.3.31-s390-1.tgz


Installation instructions:
+------------------------+

First, stop apache:

# apachectl stop

IMPORTANT:  Back up any keys/certificates you wish to save for
mod_ssl (in /etc/apache/ssl.*)

Next, upgrade the package as root:

# upgradepkg mod_ssl-2.8.19_1.3.31-s390-1.tgz

If necessary, restore any mod_ssl config files.

Finally, restart apache:

# apachectl startssl


+-----+


Mark Post

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
