Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 57379 - net-www/mod_ssl: format string vulnerability (<=2.8.19 for Apache 1.3.31)
Summary: net-www/mod_ssl: format string vulnerability (<=2.8.19 for Apache 1.3.31)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2004-07-17 04:57 UTC by Matthias Geerdsen (RETIRED)
Modified: 2011-10-30 22:40 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Geerdsen (RETIRED) gentoo-dev 2004-07-17 04:57:14 UTC
From the Announcement on modssl-users:

    * From: Ralf S. Engelschall
    * Subject: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31
    * Date: Fri, 16 Jul 2004 13:45:46 -0700 

We've today found an ssl_log() related format string vulnerability in
the mod_proxy hook functions of mod_ssl for Apache 1.3.x (mod_ssl for
Apache 2.x is not affected). A mod_ssl 2.8.19 for Apache 1.3.31 was
created which fixes this potential security hole.

Get mod_ssl-2.8.19-1.3.31.tar.gz from:


                                       Ralf S. Engelschall


Additional patches for non security related formatting bugs were posted in

Reproducible: Always
Steps to Reproduce:
Comment 1 Chuck Short (RETIRED) gentoo-dev 2004-07-17 05:20:37 UTC
In cvs, already marked stable for x86 and sparc.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-07-19 00:50:53 UTC
ppc, hppa, mips : please mark net-www/mod_ssl-2.8.19 stable.
Comment 3 Luca Barbato gentoo-dev 2004-07-22 01:27:06 UTC
Marked ppc
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-07-23 02:39:19 UTC
GLSA 200407-18
Comment 5 Joshua Kinard gentoo-dev 2004-07-27 22:27:54 UTC
stable on mips.