Gentoo Bug 57379 - net-www/mod_ssl: format string vulnerability (<=2.8.19 for Apache 1.3.31)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	57379
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Matthias Geerdsen <vorlon@gentoo.org>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 57379 depends on:			Show dependency tree
Bug 57379 blocks:			Show dependency tree

Votes:	0 Show votes for this bug Vote for this bug

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2004-07-17 04:57 0000

From the Announcement on modssl-users:


    * From: Ralf S. Engelschall
    * Subject: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
    * Date: Fri, 16 Jul 2004 13:45:46 -0700 

We've today found an ssl_log() related format string vulnerability in
the mod_proxy hook functions of mod_ssl for Apache 1.3.x (mod_ssl for
Apache 2.x is not affected). A mod_ssl 2.8.19 for Apache 1.3.31 was
created which fixes this potential security hole.

Get mod_ssl-2.8.19-1.3.31.tar.gz from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall

_________________

Additional patches for non security related formatting bugs were posted in http://www.mail-archive.com/modssl-users@modssl.org/msg16855.html

Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Chuck Short (RETIRED) 2004-07-17 05:20:37 0000 -------

In cvs, already marked stable for x86 and sparc.

------- Comment #2 From Thierry Carrez (RETIRED) 2004-07-19 00:50:53 0000 -------

ppc, hppa, mips : please mark net-www/mod_ssl-2.8.19 stable.

------- Comment #3 From Luca Barbato 2004-07-22 01:27:06 0000 -------

Marked ppc

------- Comment #4 From Thierry Carrez (RETIRED) 2004-07-23 02:39:19 0000 -------

GLSA 200407-18

------- Comment #5 From Joshua Kinard 2004-07-27 22:27:54 0000 -------

stable on mips.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 57379

net-www/mod_ssl: format string vulnerability (<=2.8.19 for Apache 1.3.31)

Last modified: 2004-11-09 22:06:08 0000