Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  


--------------------------------------------------------------------------
  Turbolinux Security Advisory TLSA-2002-38
  http://www/turbolinux.co.jp/security/
                                            security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Mod_ssl

Capture of the httpd server authority by unauthorized user.

   Release date : 2002-07-03

   Solution: package : mod_ssl-2.8.10-2

   Problem
    There is a possibility of unauthorized user making use of the.htaccess file, and capturing authority of the httpd server. 
There is a possibility of memory leak occurring with CA certification processing.

   Solution:
    Please verify version and execute the command below.

    # rpm -qa | grep package name

    When problem corresponds, please download the update package. Do the update  by the using the command below.
    Furthermore, please execute the package number which corresponds to your version number. Without starting a new paragraph, please enter the "\ " Bunchu sign.

    Execution example
    ---------------------------------------------------------------------
    # rpm -Fvh Package-1.0.0-1.i586.rpm \
    Package-doc-1.0.0-1.i586.rpm \
    Package-devel-1.0.0-1.i586.rpm

    The case where rpm command is executed, please enter as follows on the command line.

    # rpm -Fvh package-1.0.0-1.i586.rpm package-doc-1.0.0-1.i586.rpm package-devel-1.0.0-1.i586.rpm
    ---------------------------------------------------------------------

    < Turbolinux 8 Workstation >
    # rpm -Fvh apache-1.3.26-2.i586.rpm \
    apache-devel-1.3.26-2.i586.rpm \
    apache-manual-1.3.26-2.i586.rpm \
    Auth_ldap-1.6.0-2.i586.rpm \
    mod_bandwidth-2.0.3-3.i586.rpm \
    mod_dav-1.0.3-1.i586.rpm \
    mod_perl-1.26-3.i586.rpm \
    mod_python-2.7.6-4.i586.rpm \
    mod_ruby-0.9.7-3.i586.rpm \
    mod_ssl-2.8.10-2.i586.rpm \
    mod_throttle-312-3.i586.rpm \
    php-4.1.2-6.i586.rpm \
    php-gd-4.1.2-6.i586.rpm \
    php-imap-4.1.2-6.i586.rpm \
    php-ldap-4.1.2-6.i586.rpm \
    php-manual-4.1.2-6.i586.rpm \
    php-ming-4.1.2-6.i586.rpm \
    php-mysql-4.1.2-6.i586.rpm \
    php-pgsql-4.1.2-6.i586.rpm

    < Turbolinux 7 Server >
    # rpm -Fvh apache-1.3.26-2.i586.rpm \
    apache-devel-1.3.26-2.i586.rpm \
    apache-manual-1.3.26-2.i586.rpm \
    Auth_ldap-1.6.0-2.i586.rpm \
    mod_bandwidth-2.0.3-3.i586.rpm \
    mod_dav-1.0.3-1.i586.rpm \
    mod_perl-1.26-3.i586.rpm \
    mod_ruby-0.9.7-3.i586.rpm \
    mod_ssl-2.8.10-2.i586.rpm \
    mod_throttle-312-3.i586.rpm \
    php-4.1.2-7.i586.rpm \
    php-imap-4.1.2-7.i586.rpm \
    php-ldap-4.1.2-7.i586.rpm \
    php-manual-4.1.2-7.i586.rpm \
    php-mysql-4.1.2-7.i586.rpm \
    php-pgsql-4.1.2-7.i586.rpm

    < Turbolinux 7 Workstation >
    # rpm -Fvh apache-1.3.26-2.i586.rpm \
    apache-devel-1.3.26-2.i586.rpm \
    apache-manual-1.3.26-2.i586.rpm \
    Auth_ldap-1.6.0-2.i586.rpm \
    mod_bandwidth-2.0.3-3.i586.rpm \
    mod_ruby-0.9.7-3.i586.rpm \
    mod_ssl-2.8.10-2.i586.rpm \
    mod_throttle-312-3.i586.rpm \
    php-4.1.2-7.i586.rpm \
    php-imap-4.1.2-7.i586.rpm \
    php-ldap-4.1.2-7.i586.rpm \
    php-manual-4.1.2-7.i586.rpm \
    php-mysql-4.1.2-7.i586.rpm \
    php-pgsql-4.1.2-7.i586.rpm

    < Turbolinux Server 6.5 >
    # rpm -Uvh Cyrus-sasl-1.5.24-15.i386.rpm \
    Cyrus-sasl-devel-1.5.24-15.i386.rpm
    # rpm -Fvh apache-1.3.26-2.i386.rpm \
    apache-devel-1.3.26-2.i386.rpm \
    apache-manual-1.3.26-2.i386.rpm \
    mod_ssl-2.8.10-2.i386.rpm \
    openssl-0.9.6b-1.i386.rpm \
    openssl-devel-0.9.6b-1.i386.rpm \
    php-3.0.18-10jaJP.i386.rpm \
    php-imap-3.0.18-10jaJP.i386.rpm \
    php-ldap-3.0.18-10jaJP.i386.rpm \
    php-manual-3.0.18-10jaJP.i386.rpm \
    php-mysql-3.0.18-10jaJP.i386.rpm \
    php-pgsql-3.0.18-10jaJP.i386.rpm

    < Turbolinux Advanced Server 6 >
    < Turbolinux Server 6.1 >
    # rpm -Fvh apache-1.3.23-7.i386.rpm \
    apache-devel-1.3.23-7.i386.rpm \
    apache-manual-1.3.23-7.i386.rpm \
    mod_ssl-2.8.7-7.i386.rpm \
    openssl-0.9.6b-1.i386.rpm

    < Turbolinux Workstation 6.0 >

    * The mod_ssl is not recorded.

* If using the RSA SSL of note TurboLinux Server Japanese edition 6.1 recording, with the environment which constructs the Secure Web Server, please do not update the mod_ssl package.

Package updates: http://www.turbolinux.co.jp/update/




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.