Debian Security Advisory DSA 532-2 (libapache-mod-ssl)

The remote host is missing an update to libapache-mod-ssl announced via advisory DSA 532-2.

Two vulnerabilities were discovered in libapache-mod-ssl: CVE-2004-0488 - Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. CVE-2004-0700 - Format string vulnerability in the ssl_log function in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS. This is a revision to DSA 531-1, due to a problem with a documentation symlink in the previous version of the i386 binary package. For the current stable distribution (woody), these problems have been fixed in version 2.8.9-2.4. For the unstable distribution (sid), CVE-2004-0488 was fixed in version 2.8.18, and CVE-2004-0700 will be fixed soon. We recommend that you update your libapache-mod-ssl package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20532-2