Another security advisory from Apache...


Just as I was about to go to sleep, I received a commit mail:


clement     2004/05/28 08:27:02 PDT

  FreeBSD ports repository
  Modified files:
    www/apache2          Makefile 
  Added files:
    www/apache2/files    patch-modules:ssl:ssl_engine_kernel.c 
  Log:
  - Import security fix from Apache CVS...
  * modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
  overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
  length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
  functions.
  - ... and of course bump PORTREVISION.
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
  http://secunia.com/advisories/11534/
  
  Reported by:    Charles-Damien Orbello <tazma@cultdeadsheep.org>
  
  Revision  Changes    Path
  1.178     +1 -0      ports/www/apache2/Makefile
  1.1       +39 -0     ports/www/apache2/files/patch-modules:ssl:ssl_engine_kernel.c (new)

I know for certain that I am vulnerable, so...
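
The 6K threshold in the commit log follows from base64's 4/3 expansion of the `DN:password` credential that FakeBasicAuth builds. The sketch below is an added example, not the Apache or FreeBSD patch: it assumes an 8192-byte fixed output buffer, and `b64_size`, `fits_fixed_buffer` and `fake_basic_auth` are hypothetical names standing in for the apr-util encoder the fix switched to.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_BUF 8192          /* assumed size of the old fixed buffer */
#define SUFFIX    ":password"   /* FakeBasicAuth appends this to the DN */

/* Bytes needed to base64-encode n input bytes, including the NUL. */
static size_t b64_size(size_t n) { return (n + 2) / 3 * 4 + 1; }

/* Does base64("<dn>:password") still fit in a FIXED_BUF-byte buffer? */
static int fits_fixed_buffer(size_t dn_len) {
    return b64_size(dn_len + strlen(SUFFIX)) <= FIXED_BUF;
}

/* Hardened form: output is sized from the input, not from a constant.
 * Returns a malloc'd string the caller frees, or NULL on allocation failure. */
static char *fake_basic_auth(const char *dn) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t dn_len = strlen(dn), n = dn_len + strlen(SUFFIX), i, o = 0;
    unsigned char *in = malloc(n + 1);
    char *out = malloc(b64_size(n));
    if (!in || !out) { free(in); free(out); return NULL; }
    memcpy(in, dn, dn_len);
    memcpy(in + dn_len, SUFFIX, strlen(SUFFIX) + 1);
    for (i = 0; i < n; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < n) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? tbl[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    free(in);
    return out;
}

int main(void) {
    char *s = fake_basic_auth("CN=constructed-example");  /* constructed DN */
    if (!s) return 1;
    printf("%s\n", s);
    printf("6132-byte DN fits: %d, 6133-byte DN fits: %d\n",
           fits_fixed_buffer(6132), fits_fixed_buffer(6133));
    free(s);
    return 0;
}
```

Under the 8192-byte assumption the encoded credential stops fitting once the DN passes 6132 bytes, which is where the "exceeds 6K" wording in the log comes from.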