Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Slackware: 2005-251-02 Moderate: mod_ssl Configuration Issue Fix

slackware
Calendar Grey September 8, 2005
Scroller Slackware
Updated mod_ssl packages for Slackware released to address security vulnerabilities related to SSLVerifyClient settings.
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue

Summary

Here are the details from the Slackware 10.1 ChangeLog: patches/packages/mod_ssl-2.8.24_1.3.33-i486-1.tgz: Upgraded to mod_ssl-2.8.24-1.3.33. From the CHANGES file: Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was not enforced in per-location context if "SSLVerifyClient optional" was configured in the global virtual host configuration. For more information, see: https://www.cve.org/CVERecord?id=CAN-2005-2700 (* Security fix *)

Where Find New Packages

Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware -current:

MD5 Signatures

Slackware 8.1 package: 469f8428c07cd2e737e5937ec15d5493 mod_ssl-2.8.24_1.3.33-i386-1.tgz
Slackware 9.0 package: 3aec2d3362e320655801d3c96b6e0a65 mod_ssl-2.8.24_1.3.33-i386-1.tgz
Slackware 9.1 package: d6e3e52c94a07720804f11a8b6ae637f mod_ssl-2.8.24_1.3.33-i486-1.tgz
Slackware 10.0 package: cc304adec35e4fe0aa998dfb4033c480 mod_ssl-2.8.24_1.3.33-i486-1.tgz
Slackware 10.1 package: 4c2da461e7fec6fac6a392b18ca67717 mod_ssl-2.8.24_1.3.33-i486-1.tgz
Slackware -current package: 588e2f479a46fcb149b964d4fc747a78 mod_ssl-2.8.24_1.3.33-i486-1.tgz

Severity
important
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: First, stop apache: # apachectl stop The upgrade will should save the important config files for mod_ssl, nevertheless it's a good idea to backup any keys/certificates you wish to save for mod_ssl (in /etc/apache/ssl.*), then upgrade mod_ssl: # upgradepkg mod_ssl-2.8.24_1.3.33-i486-1.tgz If necessary, restore any mod_ssl config files. Finally, restart apache: # apachectl startssl