=====================================================================
                                  CERT-Renater

                       Information Note No. 2004/VULN467
_____________________________________________________________________

DATE                      : 03/11/2004

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running mod_ssl/apache2-mod_ssl.

======================================================================

  _______________________________________________________________________

                  Mandrakelinux Security Update Advisory

  Package name:           mod_ssl/apache2-mod_ssl
  Advisory ID:            MDKSA-2004:122
  Date:                   November 1st, 2004

  Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                          Multi Network Firewall 8.2

  Problem Description:

  A vulnerability in mod_ssl was discovered by Hartmut Keil.  After a
renegotiation, mod_ssl would fail to ensure that the requested cipher
suite is actually negotiated.  The provided packages have been patched
to prevent this problem.
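
  Added example, not part of the Mandrakesoft or CERT-Renater text: per the
CAN-2004-0885 entry referenced in this advisory, the restriction at issue is
an SSLCipherSuite directive in directory or location context, which mod_ssl
applies by renegotiating after the request is read.  The code below lists
such directives in a configuration so an administrator can see which paths
rely on the check; the sample configuration and function name are constructed
for illustration.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+LOW
    <Directory "/var/www/html/private">
        # stricter suite than the virtual host: applied via renegotiation
        SSLCipherSuite HIGH:!aNULL
    </Directory>
    <Location /status>
        SSLRequireSSL
    </Location>
</VirtualHost>
"""

# Sections in which SSLCipherSuite is applied per request (by renegotiating).
PER_REQUEST = {"directory", "directorymatch", "location", "locationmatch",
               "files", "filesmatch"}
OPEN = re.compile(r"^<\s*(\w+)\s*(.*?)>\s*$")
CLOSE = re.compile(r"^</\s*(\w+)\s*>\s*$")
CIPHER = re.compile(r"^SSLCipherSuite\s+(\S.*)$", re.IGNORECASE)

def find_per_request_cipher_suites(conf_text):
    """Return (line_no, enclosing_section, cipher_spec) for each SSLCipherSuite
    set inside a per-directory section."""
    stack, hits = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CLOSE.match(line)
        if m:
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip()))
            continue
        m = CIPHER.match(line)
        if m:
            for name, arg in reversed(stack):
                if name in PER_REQUEST:
                    hits.append((line_no, f"<{name} {arg}>", m.group(1).strip()))
                    break
    return hits

print(find_per_request_cipher_suites(SAMPLE_CONF))
```

  The scan covers one configuration text only; .htaccess files and included
files, where the directive may also appear, have to be passed in separately.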

  References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
  ______________________________________________________________________

  Updated Packages:

  _______________________________________________________________________

  To upgrade automatically use MandrakeUpdate or urpmi.  The verification of
md5 checksums and GPG signatures is performed automatically for you.

  All packages are signed by Mandrakesoft for security.  You can obtain the
GPG public key of the Mandrakelinux Security Team by executing:

   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

  You can view other update advisories for Mandrakelinux at:

   http://www.mandrakesoft.com/security/advisories

  If you want to report vulnerabilities, please contact

   security_linux-mandrake.com

  Type Bits/KeyID     Date       User ID
  pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
   <security linux-mandrake.com>

======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================






