Another Apache security advisory...


Just as I was about to go to sleep, I received a commit mail:

clement 2004/05/28 08:27:02 PDT

FreeBSD ports repository

Modified files:
www/apache2 Makefile
Added files:
www/apache2/files patch-modules:ssl:ssl_engine_kernel.c
Log:
- Import security fix from Apache CVS...
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
- ... and of course bump PORTREVISION.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://secunia.com/advisories/11534/

Reported by: Charles-Damien Orbello

Revision Changes Path
1.178 +1 -0 ports/www/apache2/Makefile
1.1 +39 -0 ports/www/apache2/files/patch-modules:ssl:ssl_engine_kernel.c (new)

I know for certain that I'm vulnerable, so...
