Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl

Product Security product-security at
Tue Dec 10 11:45:29 PST 2019

List-Post: <mailto:security-announce at>
List-Help: <mailto:security-announce-request at>
	<mailto:security-announce-request at>
List-Archive: <>
Date: Fri, 2 Aug 2002 15:45:34 -0700

*** Status:   Bad Signature
*** Alert:    Signature did not verify. Message has been altered.
*** Signer:   Apple Product Security <product-security at> (0x44E85F68)
*** Signed:   08/02/2002 11:44:10 PM
*** Verified: 08/03/2002 08:34:01 AM
Security Update 2002-08-02 is now available.  It contains fixes for
vulnerabilities in:

    OpenSSL:  Fixes security vulnerabilities CAN-2002-0656,
       CAN-2002-0655, and CAN-2002-0659.  Details are available via:

    mod_ssl:  Fixes CAN-2002-0653, an off-by-one buffer overflow in the
       mod_ssl Apache module.  Details are available via:

    Sun RPC:  Fixes CAN-2002-039, a buffer overflow in the Sun RPC XDR
       Details are available via:

Affected systems:  Mac OS X client and Mac OS X Server

Note:  Mac OS X client is configured by default to have these services
off, and is only vulnerable if the user has enabled network services
which rely
on the affected components.  It is still recommended for Mac OS X
client users
to apply this security update to their system.

System requirements:  Mac OS X 10.1.5

Security Update 2002-08-02 may be obtained from:

   * Software Update pane in System Preferences

   * Apple's Software Downloads web site:

       SSL server:

To help verify the integrity of Security Update 2002-08-02 from the
Software Downloads web site:

    The download file is titled:  SecurityUpd2002-08-02.dmg
    Its SHA-1 digest is:  54f6eebe0398181db8f1129403bc5e184e3b7367

Information will also be posted to the Apple Product Security web site:

This message is signed with Apple's Product Security PGP key, and
details are available at:
security-announce mailing list | security-announce at
Do not post admin requests to the list. They will be ignored.

mac_crypto mailing list
mac_crypto at

--- end forwarded text

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list