[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities



On Thu, 22 Jul 2004 20:29:33 -0700
Matt Zimmerman <mdz@debian.org> wrote:
> ---------------------------------------------------------------------
> Debian Security Advisory DSA 532-1                    
> security@debian.org http://www.debian.org/security/                   
>          Matt Zimmerman
> July 22nd, 2004                        
> http://www.debian.org/security/faq
> ---------------------------------------------------------------------
> 
> Package        : libapache-mod-ssl
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE Ids        : CAN-2004-0488 CAN-2004-0700

> 
> For the current stable distribution (woody), these problems have been
> fixed in version 2.8.9-2.3.
...

> We recommend that you update your libapache-mod-ssl package.
...
>   ARM architecture:
>   Intel IA-32 architecture:
>   Intel IA-64 architecture:
>   HP Precision architecture: 
>   Motorola 680x0 architecture:
>   Big endian MIPS architecture:
>   Little endian MIPS architecture: 
>   PowerPC architecture:
>   IBM S/390 architecture:
>   Sun Sparc architecture:

As the advisory recommended, I 'apt-get upgrade'd my stable boxen, but 
I noticed that on my alpha server the only thing that was updated where
the docs. Indeed the advisory doesn't talk about a new version
for alpha. Is there a reason why or did it just slip through? If there
is a reason maybe it would be good to mention it explicitly in the
advisory the next time it happens. That way people now if their box is
or is not vulnerable.

grts Tim 



Reply to: