[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.044-modssl.txt

Fri, 15 Oct 2004 08:39:47 -0700 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   15-Oct-2004 17:39:54
  Branch: HEAD                             Handle: 2004101516395300

  Modified files:
    openpkg-web/security    OpenPKG-SA-2004.044-modssl.txt

  Log:
    apply michael's feedback

  Summary:
    Revision    Changes     Path
    1.2         +8  -8      openpkg-web/security/OpenPKG-SA-2004.044-modssl.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2004.044-modssl.txt
  ============================================================================
  $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.044-modssl.txt
  --- openpkg-web/security/OpenPKG-SA-2004.044-modssl.txt       15 Oct 2004 14:42:25 
-0000      1.1
  +++ openpkg-web/security/OpenPKG-SA-2004.044-modssl.txt       15 Oct 2004 15:39:53 
-0000      1.2
  @@ -6,7 +6,7 @@
   OpenPKG-SA-2004.044                                          15-Oct-2003
   ________________________________________________________________________
   
  -Package:             apache (option "with_mod_ssl" only)
  +Package:             apache (option "with_mod_ssl yes" only)
   Vulnerability:       information disclosure
   OpenPKG Specific:    no
   
  @@ -19,14 +19,14 @@
   
   Description:
     Hartmut Keil discovered [0] an information disclosure vulnerability
  -  in mod_ssl [1], the SSL/TLS module of the Apache [2] webserver. After a
  -  renegotiation mod_ssl failed to ensure that the requested cipher suite
  -  has been actually negotiated. Hence, in some configurations a client
  -  may be able to retrieve content using a cipher suite the administrator
  -  does not consider strong enough. The Common Vulnerabilities and
  -  Exposures (CVE) project assigned the id CAN-2004-0885 [3] to the
  +  in mod_ssl [1], the SSL/TLS module of the Apache [2] webserver. After
  +  a renegotiation, affected versions of mod_ssl fail to ensure that the
  +  requested cipher suite is actually negotiated. In some configurations
  +  a client may be able to retrieve content using a cipher suite the
  +  server does not consider strong enough. The Common Vulnerabilities
  +  and Exposures (CVE) project assigned the id CAN-2004-0885 [3] to the
     problem.
  -  
  +
     Please check whether you are affected by running "<prefix>/bin/rpm -q
     apache" and "<prefix>/bin/rpm -qi apache | grep with_mod_ssl". If you
     have the "apache" package with option "with_mod_ssl" installed and its
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to