Slackware Advisory SSA:2004-305-01 Apache+mod_ssl Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2004-305-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-305-01

Insight

New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue. Apache has been upgraded to version 1.3.33 which fixes a buffer overflow which may allow local users to execute arbitrary code as the apache user. The mod_ssl package has also been upgraded to version 2.8.22_1.3.33. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940

Severity

Classification

CVE CVE-2004-0492, CVE-2004-0940

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Slackware Advisory SSA:2004-049-01 Kernel security update
Slackware Advisory SSA:2003-259-02 ProFTPD Security Advisory
Slackware Advisory SSA:2003-253-01 security issues in pine
Slackware Advisory SSA:2004-049-02 metamail security update
Slackware Advisory SSA:2003-336-01 Kernel security update

Slackware Advisory SSA:2004-305-01 apache+mod_ssl

Take action and discover your vulnerabilities