Slackware Linux Advisories: mod_ssl, PHP Jun 3, 2004, 02:29 UTC
[slackware-security] mod_ssl (SSA:2004-154-01)
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31
fixing a buffer overflow that may allow remote attackers to execute arbitrary
code via a client certificate with a long subject DN, if mod_ssl is
configured to trust the issuing CA. Web sites running mod_ssl should upgrade
to the new set of apache and mod_ssl packages. There are new PHP packages as
well to fix a Slackware-specific local denial-of-service issue (an additional
Slackware advisory SSA:2004-154-02 has been issued for PHP).
More details about the mod_ssl issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Jun 2 11:28:17 PDT 2004
patches/packages/mod_ssl-2.8.18_1.3.31-i486-1.tgz: Upgraded to
mod_ssl-2.8.18-1.3.31. This fixes a buffer overflow that may allow remote
attackers to execute arbitrary code via a client certificate with a long
subject DN, if mod_ssl is configured to trust the issuing CA:
*) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
if the Subject-DN in the client certificate exceeds 6KB in length.
For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
(* Security fix *)
Other changes: Make the sample keys .new so as not to overwrite existing
server keys. However, any existing mod_ssl package will have these listed
as non-config files, and will still remove and replace these upon upgrade.
You'll have to save your config files one more time... sorry.
+--------------------------+
[slackware-security] PHP local security issue (SSA:2004-154-02)
New PHP packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue. These fix a problem in previous Slackware php
packages where linking PHP against a static library in an insecure path
(under /tmp) could allow a local attacker to place shared libraries at
this location causing PHP to crash, or to execute arbitrary code as the
PHP user (which is, by default, "nobody").
Thanks to Bryce Nichols for researching and reporting this issue.
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Jun 2 11:28:17 PDT 2004
patches/packages/php-4.3.6-i486-1.tgz: Upgraded to php-4.3.6. This is
compiled with c-client.a in /usr/local/lib/c-client/ to fix a problem in
previous php packages where linking against the library in a path under
/tmp caused an ELF rpath to this location to be built into the PHP binaries.
A local attacker could (by placing shared libraries in this location) either
crash PHP or cause arbitrary code to be executed as the PHP user (typically
"nobody"). Thanks to Bryce Nichols for discovering this issue and bringing
it to my attention.
(* Security fix *)
+--------------------------+
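
A check an administrator could run for the rpath problem described in SSA:2004-154-02, added here as an example and not part of the Slackware advisory: it takes `readelf -d` output and flags RPATH/RUNPATH entries that a local user could populate. The function names, the list of temporary directories and the sample path under /tmp are assumptions made for illustration.

```python
import os
import re
import stat

# Temporary directories any local user can write to (assumed list).
TEMP_ROOTS = ("/tmp", "/var/tmp", "/dev/shm")
# RPATH/RUNPATH lines as printed by `readelf -d`.
RPATH_LINE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

# Constructed sample of `readelf -d` output; the /tmp path is made up.
SAMPLE = """\
 0x00000001 (NEEDED)   Shared library: [libc.so.6]
 0x0000000f (RPATH)    Library rpath: [/tmp/build-example/c-client:/usr/lib]
"""


def rpath_entries(readelf_output):
    """Return every directory listed in RPATH/RUNPATH dynamic entries."""
    entries = []
    for line in readelf_output.splitlines():
        match = RPATH_LINE.search(line)
        if match:
            entries.extend(match.group(1).split(":"))
    return entries


def classify(entry):
    """Return why an rpath entry is unsafe, or None if nothing is flagged."""
    if entry.startswith("$"):
        return None  # $ORIGIN etc.: depends on where the binary is installed
    if not entry.startswith("/"):
        return "not an absolute path"
    path = "/" + os.path.normpath(entry).lstrip("/")
    if any(path == r or path.startswith(r + "/") for r in TEMP_ROOTS):
        return "under a temporary directory any local user can write to"
    while path != "/":  # a world-writable ancestor lets users plant the dir
        try:
            if os.stat(path).st_mode & stat.S_IWOTH:
                return "world-writable directory on the path: " + path
        except OSError:
            pass  # this component does not exist; keep walking up
        path = os.path.dirname(path)
    return None


def audit(readelf_output):
    """Map each flagged rpath entry to the reason it was flagged."""
    reasons = ((e, classify(e)) for e in rpath_entries(readelf_output))
    return {e: r for e, r in reasons if r}
```

Pass `audit()` the text printed by `readelf -d` for each installed binary or shared object; an empty result means no entry was flagged.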