• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness

Solution:
Conectiva has released advisory CLA-2003:698 to address this issue. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Trustix has released advisory 2003-0025 to address this issue.

Mandrake has released advisory MDKSA-2003:075 to address this issue. See referenced advisory for additional details.

Red Hat has released advisory RHSA-2003:240-01 to address this issue.

HP has released advisory HPSBUX0309-278 to address this issue.

Red Hat has released an updated advisory RHSA-2003:243-01 to address this issue.

Red Hat has released an updated advisory RHSA-2003:244-01 to address this issue.

SCO has released security advisory CSSA-2003-SCO.28 with fixes to address this issue in OpenServer 5.0.5 through 5.0.7.

Sun has released fixes for Sun Linux 5.0.7 and RaQ systems.

This issue is addressed with the release of Apache 2.0.47. Users are advised to upgrade.

SCO has released security advisory SCOSA-2004.6 with fixes to address this issue in UnixWare 7.1.3, Open UNIX 8.0.0 and UnixWare 7.1.1. Please see the advisory for more information.


Sun Cobalt Qube 3

• Sun Qube3-All-Security-4.0.1-16622.pkg
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16622.pkg

Sun Cobalt RaQ 4

• Sun RaQ4-All-Security-2.0.1-16622.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 1-16622.pkg

Sun Cobalt RaQ XTR

• Sun RaQXTR-All-Security-1.0.1-16622.pkg
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16622.pkg

Apache Software Foundation Apache 2.0

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.28

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.32

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.35

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.36

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.37

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.38

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.39

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.40

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi


• Red Hat httpd-2.0.40-11.7.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-2.0.40-11.7.i386.rpm


• Red Hat httpd-2.0.40-21.5.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-2.0.40-21.5.i386.rpm


• Red Hat httpd-devel-2.0.40-11.7.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-devel-2.0.40-11.7.i386.r pm


• Red Hat httpd-devel-2.0.40-21.5.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-devel-2.0.40-21.5.i386.rpm


• Red Hat httpd-manual-2.0.40-11.7.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-manual-2.0.40-11.7.i386. rpm


• Red Hat httpd-manual-2.0.40-21.5.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-manual-2.0.40-21.5.i386.rp m


• Red Hat mod_ssl-2.0.40-11.7.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.7.i386.rpm


• Red Hat mod_ssl-2.0.40-21.5.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mod_ssl-2.0.40-21.5.i386.rpm

Apache Software Foundation Apache 2.0.41

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.42

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.43

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.44

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 2.0.45

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi


• Conectiva apache-2.0.45-28790U90_3cl.i386.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_3cl. i386.rpm


• Conectiva apache-2.0.45-28790U90_3cl.src.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_3cl .src.rpm


• Conectiva apache-devel-2.0.45-28790U90_3cl.i386.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U9 0_3cl.i386.rpm


• Conectiva apache-doc-2.0.45-28790U90_3cl.i386.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_ 3cl.i386.rpm


• Conectiva apache-htpasswd-2.0.45-28790U90_3cl.i386.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-2879 0U90_3cl.i386.rpm


• Conectiva libapr-devel-2.0.45-28790U90_3cl.i386.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U9 0_3cl.i386.rpm


• Conectiva libapr-devel-static-2.0.45-28790U90_3cl.i386.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45- 28790U90_3cl.i386.rpm


• Conectiva libapr0-2.0.45-28790U90_3cl.i386.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_3cl .i386.rpm


• Conectiva mod_auth_ldap-2.0.45-28790U90_3cl.i386.rpm
  Conectiva Linux 9
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U 90_3cl.i386.rpm

Apache Software Foundation Apache 2.0.46

• Apache Software Foundation Apache httpd 2.0.47
  http://httpd.apache.org/download.cgi


• Trustix apache-2.0.47-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/2.0/RPMS/apache-2.0.47-2tr.i 586.rpm


• Trustix apache-devel-2.0.47-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/2.0/RPMS/apache-devel-2.0.47 -2tr.i586.rpm


• Trustix apache-manual-2.0.47-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/2.0/RPMS/apache-manual-2.0.4 7-2tr.i586.rpm

Sun Linux 5.0.7

• Sun apache-1.3.27-2.7.2.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/apache-1.3.27-2.7.2.i386.rpm


• Sun apache-devel-1.3.27-2.7.2.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/apache-devel-1.3.27-2.7.2.i386.rpm


• Sun apache-manual-1.3.27-2.7.2.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/apache-manual-1.3.27-2.7.2.i386.rpm


• Sun mod_ssl-2.8.12-3.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/mod_ssl-2.8.12-3.i386.rpm

SCO Unixware 7.1.1

• SCO apache.pkg
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/

SCO Unixware 7.1.3

• SCO apache.pkg
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/

SCO Open UNIX 8.0

• SCO apache.pkg
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/