Gentoo Archives: gentoo-announce

From: Seemant Kulleen <seemant@g.o>
To: gentoo-announce@g.o, lwn@×××.net
Subject: [gentoo-announce] GLSA: Apache
Date: Wed, 19 Jun 2002 17:31:35
Message-Id: 20020619153134.62c37891.seemant@gentoo.org
1 - -----------------------------------------------------------------------
2 GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
3 - -----------------------------------------------------------------------
4 PACKAGE : Apache
5 SUMMARY : security vulnerability in apache
6 DATE : Wed Jun 19 18:55:49 UTC 2002
7 - -----------------------------------------------------------------------
8
9 OVERVIEW
10
11 An exploit in the handling of 'Chunked Encoding' can lead to DoS or
12 possibly execution of arbitrary code. Functionality is enabled by default.
13
14 DETAIL
15
16 Most cases are caught as invalid requests and simply consume child
17 processes. Only outcome is DoS (by child throttling) in those cases.
18
19 http://httpd.apache.org/info/security_bulletin_20020617.txt
20
21 SOLUTION
22
23 It is recommended that all Gentoo Linux users who are running apache
24 update their systems as follows.
25
26 emerge --clean rsync
27 emerge apache
28 emerge clean
29
30 - ------------------------------------------------------------------------
31 carpaski@g.o
32 seemant@g.o
33 drobbins@g.o
34 - ------------------------------------------------------------------------