OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 15-Oct-2004 17:39:54 Branch: HEAD Handle: 2004101516395300 Modified files: openpkg-web/security OpenPKG-SA-2004.044-modssl.txt Log: apply michael's feedback Summary: Revision Changes Path 1.2 +8 -8 openpkg-web/security/OpenPKG-SA-2004.044-modssl.txt ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.044-modssl.txt ============================================================================ $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.044-modssl.txt --- openpkg-web/security/OpenPKG-SA-2004.044-modssl.txt 15 Oct 2004 14:42:25 -0000 1.1 +++ openpkg-web/security/OpenPKG-SA-2004.044-modssl.txt 15 Oct 2004 15:39:53 -0000 1.2 @@ -6,7 +6,7 @@ OpenPKG-SA-2004.044 15-Oct-2003 ________________________________________________________________________ -Package: apache (option "with_mod_ssl" only) +Package: apache (option "with_mod_ssl yes" only) Vulnerability: information disclosure OpenPKG Specific: no 
@@ -19,14 +19,14 @@ Description: Hartmut Keil discovered [0] an information disclosure vulnerability - in mod_ssl [1], the SSL/TLS module of the Apache [2] webserver. After a - renegotiation mod_ssl failed to ensure that the requested cipher suite - has been actually negotiated. Hence, in some configurations a client - may be able to retrieve content using a cipher suite the administrator - does not consider strong enough. The Common Vulnerabilities and - Exposures (CVE) project assigned the id CAN-2004-0885 [3] to the + in mod_ssl [1], the SSL/TLS module of the Apache [2] webserver. After + a renegotiation, affected versions of mod_ssl fail to ensure that the + requested cipher suite is actually negotiated. In some configurations + a client may be able to retrieve content using a cipher suite the + server does not consider strong enough. The Common Vulnerabilities + and Exposures (CVE) project assigned the id CAN-2004-0885 [3] to the problem. - + Please check whether you are affected by running "<prefix>/bin/rpm -q apache" and "<prefix>/bin/rpm -qi apache | grep with_mod_ssl". If you have the "apache" package with option "with_mod_ssl" installed and its @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
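Review bot: The unchanged header line in the first hunk still reads "OpenPKG-SA-2004.044 15-Oct-2003", which matches neither the advisory number nor the 15 Oct 2004 revision dates of this commit. Since this revision already touches the header block, correct the year to 2004 here so the published advisory carries the right date.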
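Review bot: The trailing context of the second hunk still says 'with option "with_mod_ssl" installed', which no longer matches the Package line that the first hunk changes to '(option "with_mod_ssl yes" only)'. The suggested check 'rpm -qi apache | grep with_mod_ssl' matches the option line whatever its value, so reword that sentence to say the package is affected only when the option is set to "yes", otherwise readers who built without mod_ssl may conclude they need to upgrade.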