Full Disclosure mailing list archives

MDKSA-2004:122 - Updated mod_ssl packages fix information disclosure vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 2 Nov 2004 00:37:35 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           mod_ssl/apache2-mod_ssl
 Advisory ID:            MDKSA-2004:122
 Date:                   November 1st, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability in mod_ssl was discovered by Hartmut Keil.  After a
 renegotiation, mod_ssl would fail to ensure that the requested cipher
 suite is actually negotiated.  The provided packages have been patched
 to prevent this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBhtbPmqjQ0CJFipgRAqmOAKDwzXY3+O8BuiaernMQHmETjeAqDQCeN/l/
BGpmugS8zoF2ahqbRSNuv7E=
=yvOV
-----END PGP SIGNATURE-----
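
A log audit a defender could run for the condition described under "Problem Description", added here as an example and not part of the advisory. It assumes the server writes mod_ssl's conventional `ssl_request_log` format and uses a hypothetical policy that maps the `/secure/` prefix to its required cipher suites; the log lines are constructed.

```python
import re

# Conventional mod_ssl request log format:
#   CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<size>\S+)$'
)

# Assumed policy (hypothetical): URL prefix -> cipher suites required there.
REQUIRED = {
    "/secure/": {"DES-CBC3-SHA", "AES256-SHA"},
}

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
[01/Nov/2004:10:00:01 +0000] 192.0.2.10 TLSv1 AES256-SHA "GET /secure/report.html HTTP/1.1" 5120
[01/Nov/2004:10:00:07 +0000] 192.0.2.11 SSLv3 EXP-RC4-MD5 "GET /secure/report.html HTTP/1.1" 5120
[01/Nov/2004:10:00:09 +0000] 192.0.2.11 SSLv3 EXP-RC4-MD5 "GET /index.html HTTP/1.1" 812
[01/Nov/2004:10:00:12 +0000] 192.0.2.12 TLSv1 DES-CBC3-SHA "POST /secure/upload HTTP/1.1" -
this line is malformed and must be skipped
"""


def find_violations(log_text, required=REQUIRED):
    """Return (host, path, cipher) for each request served under a restricted
    prefix with a cipher outside the set required for that prefix."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not follow the expected format
        for prefix, allowed in required.items():
            if m["path"].startswith(prefix) and m["cipher"] not in allowed:
                hits.append((m["host"], m["path"], m["cipher"]))
    return hits


if __name__ == "__main__":
    for host, path, cipher in find_violations(SAMPLE_LOG):
        print(f"{host} reached {path} with {cipher}")
```

A hit on a server that was running an unpatched package means a request reached the restricted location without the required cipher suite in effect.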
