Debian GNU/Linux Advisory: libapache-mod-ssl | Linux Today

Debian GNU/Linux Advisory: libapache-mod-ssl

Written By
Web Webster
Web Webster
Jul 27, 2004

Debian Security Advisory DSA 532-2 security@debian.org
http://www.debian.org/security/
Matt Zimmerman
July 27th, 2004 http://www.debian.org/security/faq


Package : libapache-mod-ssl
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0488 CAN-2004-0700

Two vulnerabilities were discovered in libapache-mod-ssl:

CAN-2004-0488 – Stack-based buffer overflow in the
ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl,
when mod_ssl is configured to trust the issuing CA, may allow
remote attackers to execute arbitrary code via a client certificate
with a long subject DN.

CAN-2004-0700 – Format string vulnerability in the ssl_log
function in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31
may allow remote attackers to execute arbitrary messages via format
string specifiers in certain log messages for HTTPS.

This is a revision to DSA 531-1, due to a problem with a
documentation symlink in the previous version of the i386 binary
package.

For the current stable distribution (woody), these problems have
been fixed in version 2.8.9-2.4.

For the unstable distribution (sid), CAN-2004-0488 was fixed in
version 2.8.18, and CAN-2004-0700 will be fixed soon.

We recommend that you update your libapache-mod-ssl package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4.dsc

Size/MD5 checksum: 678 9662032334a33e08047912fc12cda8f0

http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4.diff.gz

Size/MD5 checksum: 17957 dc9132bd59bf16275b8251fbb5990e50

http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9.orig.tar.gz

Size/MD5 checksum: 752613 aad438a4eaeeee29ae74483f7afe9db0

Architecture independent components:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.4_all.deb

Size/MD5 checksum: 303686 5042961977764bf6c3bc84c9cd308162

ARM architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_arm.deb

Size/MD5 checksum: 240194 a88b3f3565e22e385a0496bdf8e8d0e0

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_i386.deb

Size/MD5 checksum: 238998 0e800a60c0fd7857561cca76604bc8f5

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_ia64.deb

Size/MD5 checksum: 268822 eb8a35902a92cbe4dfa1e67d624790b5

HP Precision architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_hppa.deb

Size/MD5 checksum: 248214 44cb8c0d9d7fa46ec38b273a44d226ce

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_m68k.deb

Size/MD5 checksum: 241230 706150c2027a64dd5aad70768eddbfc9

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mips.deb

Size/MD5 checksum: 236180 c7795b4db5b7f807c3e721e0a91f50b1

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mipsel.deb

Size/MD5 checksum: 236150 6d045b6dad592a46d3097ea119e4a6aa

PowerPC architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_powerpc.deb

Size/MD5 checksum: 242036 4adbdef42037d2daf78dc5bcde7d3af0

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_s390.deb

Size/MD5 checksum: 242158 4df8b6c4f5b42322a23525d68f56d10e

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_sparc.deb

Size/MD5 checksum: 244258 b8a4594701931f00af84c9c8e8f27b94

These files will probably be moved into the stable distribution
on its next revision.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.