« 狼和羊的故事—一笑而已 | Main | 关于blog的一些想法 »

Apache又来了安全公告。。。

刚刚想睡觉的时候收到了commit mail:

clement 2004/05/28 08:27:02 PDT

FreeBSD ports repository

Modified files:
www/apache2 Makefile
Added files:
www/apache2/files patch-modules:ssl:ssl_engine_kernel.c
Log:
- Import security fix from Apache CVS...
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
- ... and of course bump PORTREVISION.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://secunia.com/advisories/11534/

Reported by: Charles-Damien Orbello

Revision Changes Path
1.178 +1 -0 ports/www/apache2/Makefile
1.1 +39 -0 ports/www/apache2/files/patch-modules:ssl:ssl_engine_kernel.c (new)

确切地知道自己vulnerable,所以。。。

Posted by Xin LI on May 28, 2004 11:40 PM |

Search


Advertise

About

This page contains a single entry from the blog posted on May 28, 2004 11:40 PM.

The previous post in this blog was 狼和羊的故事—一笑而已.

The next post in this blog is 关于blog的一些想法.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 4.01