Abrir sesión
logo

DEFENSA FRENTE A LAS CIBERAMENAZAS

barra-separadora

Boletines de Vulnerabilidades


Desbordamiento de búfer en el módulo mod_SSL para Apache

Clasificación de la vulnerabilidad

Propiedad Valor
Nivel de Confianza Oficial
Impacto Obtener acceso
Dificultad Experto
Requerimientos del atacante Acceso remoto sin cuenta a un servicio exotico

Información sobre el sistema

Propiedad Valor
Fabricante afectado GNU/Linux
Software afectado mod_SSL 2.x - Apache 2.0.x
mod_SSL 2.x - Apache 1.3.x

Descripción

Se ha descubierto una vulnerabilidad de desbordamiento de búfer en las versiones 2.x del módulo mod_ssl para Apache (tanto la rama 1.3 como la rama 2.0). La vulnerabilidad se da en la función ssl_util_uuencode_binary() a la hora de manejar el certificado del cliente si la opción "FakeBasicAuth" está habilitada.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar una situación de denegación de servicio o la ejecución remota de código mediante el uso de un certificado especialmente diseñado y una CA en la que confíe el servidor.

Solución

Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo.


Actualización de software

mod_SSL
Apache 1.3.31 - mod_SSL 2.8.18
http://www.modssl.org/source/mod_ssl-2.8.18-1.3.31.tar.gz
Apache 2.0.50
http://httpd.apache.org/download.cgi

Mandrake Linux - Apache2

Mandrakelinux 9.1
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-common-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-devel-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-manual-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-mod_dav-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-mod_ldap-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-mod_ssl-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-modules-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-source-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/libapr0-2.0.47-1.8.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/apache2-2.0.47-1.8.91mdk.src.rpm
PPC
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-common-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-devel-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-manual-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-modules-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-source-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/libapr0-2.0.47-1.8.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/apache2-2.0.47-1.8.91mdk.src.rpm

Mandrakelinux 9.2
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-common-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-devel-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-manual-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_cache-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_dav-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_deflate-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_ldap-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_proxy-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_ssl-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-modules-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-source-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libapr0-2.0.47-6.5.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/apache2-2.0.47-6.5.92mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-common-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-devel-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-manual-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-modules-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-source-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64apr0-2.0.47-6.5.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/apache2-2.0.47-6.5.92mdk.src.rpm

Mandrakelinux 10.0
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-common-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-devel-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-manual-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_cache-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_dav-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_deflate-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_ldap-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_proxy-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_ssl-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-modules-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-source-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libapr0-2.0.48-6.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/apache2-2.0.48-6.2.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-common-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-devel-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-manual-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-modules-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-source-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64apr0-2.0.48-6.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/apache2-2.0.48-6.2.100mdk.src.rpm

Mandrake Linux - mod_SSL

Mandrakelinux 9.1
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/mod_ssl-2.8.12-8.1.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/mod_ssl-2.8.12-8.1.91mdk.src.rpm
PPC
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/mod_ssl-2.8.12-8.1.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/mod_ssl-2.8.12-8.1.91mdk.src.rpm

Mandrakelinux 9.2
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mod_ssl-2.8.15-1.1.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/mod_ssl-2.8.15-1.1.92mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mod_ssl-2.8.15-1.1.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/mod_ssl-2.8.15-1.1.92mdk.src.rpm

Mandrakelinux 10.0
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mod_ssl-2.8.16-1.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/mod_ssl-2.8.16-1.1.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mod_ssl-2.8.16-1.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/mod_ssl-2.8.16-1.1.100mdk.src.rpm

Mandrake Multi Network Firewall 8.2
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/mod_ssl-2.8.7-3.3.M82mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/mod_ssl-2.8.7-3.3.M82mdk.src.rpm

Mandrake Corporate Server 2.1
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/mod_ssl-2.8.10-5.3.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.3.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/mod_ssl-2.8.10-5.3.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.3.C21mdk.src.rpm

OpenBSD
OpenBSD 3.4
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/025_httpd3.patch
OpenBSD 3.5
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch

Red Hat Linux

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS
apache-1.3.27-8.ent.src.rpm
mod_ssl-2.8.12-4.src.rpm
i386
apache-1.3.27-8.ent.i386.rpm
apache-devel-1.3.27-8.ent.i386.rpm
apache-manual-1.3.27-8.ent.i386.rpm
mod_ssl-2.8.12-4.i386.rpm
ia64
apache-1.3.27-8.ent.ia64.rpm
apache-devel-1.3.27-8.ent.ia64.rpm
apache-manual-1.3.27-8.ent.ia64.rpm
mod_ssl-2.8.12-4.ia64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 2.1)
SRPMS
apache-1.3.27-8.ent.src.rpm
mod_ssl-2.8.12-4.src.rpm
i386
apache-1.3.27-8.ent.i386.rpm
apache-devel-1.3.27-8.ent.i386.rpm
apache-manual-1.3.27-8.ent.i386.rpm
mod_ssl-2.8.12-4.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 2.1)
SRPMS
apache-1.3.27-8.ent.src.rpm
mod_ssl-2.8.12-4.src.rpm
i386
apache-1.3.27-8.ent.i386.rpm
apache-devel-1.3.27-8.ent.i386.rpm
apache-manual-1.3.27-8.ent.i386.rpm
mod_ssl-2.8.12-4.i386.rpm
https://rhn.redhat.com/

Red Hat Linux Advanced Workstation 2.1 Itanium Processor
SRPMS
apache-1.3.27-8.ent.src.rpm
mod_ssl-2.8.12-4.src.rpm
ia64
apache-1.3.27-8.ent.ia64.rpm
apache-devel-1.3.27-8.ent.ia64.rpm
apache-manual-1.3.27-8.ent.ia64.rpm
mod_ssl-2.8.12-4.ia64.rpm
https://rhn.redhat.com/

Red Hat Desktop (v. 3)
AMD64
httpd-2.0.46-32.ent.3.x86_64.rpm
httpd-devel-2.0.46-32.ent.3.x86_64.rpm
mod_ssl-2.0.46-32.ent.3.x86_64.rpm
SRPMS
httpd-2.0.46-32.ent.3.src.rpm
i386
httpd-2.0.46-32.ent.3.i386.rpm
httpd-devel-2.0.46-32.ent.3.i386.rpm
mod_ssl-2.0.46-32.ent.3.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 3)
AMD64
httpd-2.0.46-32.ent.3.x86_64.rpm
httpd-devel-2.0.46-32.ent.3.x86_64.rpm
mod_ssl-2.0.46-32.ent.3.x86_64.rpm
SRPMS
httpd-2.0.46-32.ent.3.src.rpm
i386
httpd-2.0.46-32.ent.3.i386.rpm
httpd-devel-2.0.46-32.ent.3.i386.rpm
mod_ssl-2.0.46-32.ent.3.i386.rpm
ia64
httpd-2.0.46-32.ent.3.ia64.rpm
httpd-devel-2.0.46-32.ent.3.ia64.rpm
mod_ssl-2.0.46-32.ent.3.ia64.rpm
ppc
httpd-2.0.46-32.ent.3.ppc.rpm
httpd-devel-2.0.46-32.ent.3.ppc.rpm
mod_ssl-2.0.46-32.ent.3.ppc.rpm
s390
httpd-2.0.46-32.ent.3.s390.rpm
httpd-devel-2.0.46-32.ent.3.s390.rpm
mod_ssl-2.0.46-32.ent.3.s390.rpm
s390x
httpd-2.0.46-32.ent.3.s390x.rpm
httpd-devel-2.0.46-32.ent.3.s390x.rpm
mod_ssl-2.0.46-32.ent.3.s390x.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 3)
AMD64
httpd-2.0.46-32.ent.3.x86_64.rpm
httpd-devel-2.0.46-32.ent.3.x86_64.rpm
mod_ssl-2.0.46-32.ent.3.x86_64.rpm
SRPMS
httpd-2.0.46-32.ent.3.src.rpm
i386
httpd-2.0.46-32.ent.3.i386.rpm
httpd-devel-2.0.46-32.ent.3.i386.rpm
mod_ssl-2.0.46-32.ent.3.i386.rpm
ia64
httpd-2.0.46-32.ent.3.ia64.rpm
httpd-devel-2.0.46-32.ent.3.ia64.rpm
mod_ssl-2.0.46-32.ent.3.ia64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 3)
AMD64
httpd-2.0.46-32.ent.3.x86_64.rpm
httpd-devel-2.0.46-32.ent.3.x86_64.rpm
mod_ssl-2.0.46-32.ent.3.x86_64.rpm
SRPMS
httpd-2.0.46-32.ent.3.src.rpm
i386
httpd-2.0.46-32.ent.3.i386.rpm
httpd-devel-2.0.46-32.ent.3.i386.rpm
mod_ssl-2.0.46-32.ent.3.i386.rpm
ia64
httpd-2.0.46-32.ent.3.ia64.rpm
httpd-devel-2.0.46-32.ent.3.ia64.rpm
mod_ssl-2.0.46-32.ent.3.ia64.rpm
https://rhn.redhat.com/

Debian Linux

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4.dsc
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4.diff.gz
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9.orig.tar.gz
Componentes independientes de arquitectura
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.4_all.deb
ARM
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_sparc.deb

HP-UX B.11.04
Virtualvault A.04.70: instale los parches PHSS_30944 (actualización de Virtualvault 4.7 IWS) y PHSS_31058 (actualización de Virtualvault 4.7 OWS)
Virtualvault A.04.60: instale los parches PHSS_30946 (actualización de Virtualvault 4.6 IWS) y PHSS_31057 (actualización de Virtualvault 4.6 OWS)
Virtualvault A.04.50: instale los parches PHSS_30647 (actualización de Virtualvault 4.5 IWS) y PHSS_30648 (actualización de Virtualvault 4.5 OWS)
Webproxy A.02.10: instale el parche PHSS_30950 (actualización de Webproxy server 2.1)
Webproxy A.02.00: instale el parche PHSS_30949 (actualización de Webproxy server 2.0)
http://software.hp.com

Apple
Mac OS X Server 10.2.8
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_2_8_Server).html
Mac OS X Server 10.3.4
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_4_Server).html
Mac OS X Server 10.3.5
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_5_Server).html

HP OpenVMS 7.2-2

CSWS 1.2 (Alpha)
CSWS 1.2 Update 8
http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

CSWS 1.3 (Alpha)
CSWS 1.3 Update 6
http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

CSWS 2.0 (Alpha)
CSWS 2.0 Update 1
http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

CSWS_PHP 1.2 (Alpha)
CSWS_PHP 1.2 Update 1
http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

Identificadores estándar

Propiedad Valor
CVE CAN-2004-0488
BID NULL

Recursos adicionales

Secunia Advisory SA11534
http://secunia.com/advisories/11534/

Mandrakesoft Security Advisories MDKSA-2004:055
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:055

Mandrakesoft Security Advisories MDKSA-2004:054
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:054

OpenBSD Security Advisories
http://www.openbsd.org/security.html

Red Hat Security Advisory RHSA-2004:245-14
https://rhn.redhat.com/errata/RHSA-2004-245.html

Red Hat Security Advisory RHSA-2004:342-10
https://rhn.redhat.com/errata/RHSA-2004-342.html

Debian Security Advisory DSA 532-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00134.html

Debian Security Advisory DSA 532-2
http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00137.html

HP Security Advisory HPSBUX01064
http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01064

HP Security Advisory HPSBUX01068
http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01068

HP SECURITY BULLETIN HPSBOV01083
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBOV01083

Apple Security Update 2004-09-07
http://docs.info.apple.com/article.html?artnum=61798

Histórico de versiones

Versión Comentario Fecha
1.0 Aviso emitido 2004-06-01
1.1 Avisos emitidos por Mandrake (MDKSA-2004:055 y MDKSA-2004:054) 2004-06-02
1.2 Aviso emitido por OpenBSD 2004-06-14
1.3 Aviso emitido por Red Hat (RHSA-2004:245-14) 2004-06-15
1.4 Publicado Apache 2.0.50 2004-07-02
1.5 Aviso emitido por Red Hat (RHSA-2004:342-10) 2004-07-06
1.6 Aviso emitido por Debian (DSA 532-1) 2004-07-23
1.7 Aviso actualizado por Debian (DSA 532-2) 2004-07-28
1.8 Avisos emitidos por HP (HPSBUX01064, HPSBUX01068) 2004-08-13
1.9 Aviso emitido por Apple (2004-09-07) 2004-09-08
1.10 Aviso emitido por HP (HPSBOV01083) 2004-10-14
Volver

Este sitio web utiliza cookies propias y de terceros para el correcto funcionamiento y visualización del sitio web por parte del usuario, así como la recogida de estadísticas. Si continúa navegando, consideramos que acepta su uso. Puede cambiar la configuración u obtener más información. Modificar configuración