MDKSA-2004:122 - Updated mod_ssl packages fix information disclosure vulnerability
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: mod_ssl/apache2-mod_ssl
Advisory ID: MDKSA-2004:122
Date: November 1st, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability in mod_ssl was discovered by Hartmut Keil. After a
renegotiation, mod_ssl would fail to ensure that the requested cipher
suite is actually negotiated. The provided packages have been patched
to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>