1 |
- ----------------------------------------------------------------------- |
2 |
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- ----------------------------------------------------------------------- |
4 |
PACKAGE : Apache |
5 |
SUMMARY : security vulnerability in apache |
6 |
DATE : Wed Jun 19 18:55:49 UTC 2002 |
7 |
- ----------------------------------------------------------------------- |
8 |
|
9 |
OVERVIEW |
10 |
|
11 |
An exploit in the handling of 'Chunked Encoding' can lead to DoS or |
12 |
possibly execution of arbitrary code. Functionality is enabled by default. |
13 |
|
14 |
DETAIL |
15 |
|
16 |
Most cases are caught as invalid requests and simply consume child |
17 |
processes. Only outcome is DoS (by child throttling) in those cases. |
18 |
|
19 |
http://httpd.apache.org/info/security_bulletin_20020617.txt |
20 |
|
21 |
SOLUTION |
22 |
|
23 |
It is recommended that all Gentoo Linux users who are running apache |
24 |
update their systems as follows. |
25 |
|
26 |
emerge --clean rsync |
27 |
emerge apache |
28 |
emerge clean |
29 |
|
30 |
- ------------------------------------------------------------------------ |
31 |
carpaski@g.o |
32 |
seemant@g.o |
33 |
drobbins@g.o |
34 |
- ------------------------------------------------------------------------ |