Slackware Advisory SSA:2004-154-01 mod_ssl

The remote host is missing an update as announced via advisory SSA:2004-154-01.
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31 fixing a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is configured to trust the issuing CA. Web sites running mod_ssl should upgrade to the new set of apache and mod_ssl packages. There are new PHP packages as well to fix a Slackware-specific local denial-of-service issue (an additional Slackware advisory SSA:2004-154-02 has been issued for PHP). More details about the mod_ssl issue may be found in the Common Vulnerabilities and Exposures (CVE) database: