1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
|
5 |
- --------------------------------------------------------------------------- |
6 |
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-04 |
7 |
- --------------------------------------------------------------------------- |
8 |
|
9 |
PACKAGE : net-www/apache |
10 |
SUMMARY : buffer overflow |
11 |
DATE : Fri Oct 31 07:59:00 UTC 2003 |
12 |
EXPLOIT : local |
13 |
VERSIONS AFFECTED : <apache-2.0.48 |
14 |
FIXED VERSION : >=apache-2.0.48 |
15 |
GENTOO BUG : http://bugs.gentoo.org/show_bug.cgi?id=32271 |
16 |
CVE : CAN-2003-0789 CAN-2003-0542 |
17 |
|
18 |
- --------------------------------------------------------------------------- |
19 |
|
20 |
Quote from <http://www.apache.org/dist/httpd/Announcement2.html>: |
21 |
|
22 |
This version of Apache is principally a bug fix release. A summary of |
23 |
the bug fixes is given at the end of this document. Of particular note |
24 |
is that 2.0.48 addresses two security vulnerabilities: |
25 |
|
26 |
mod_cgid mishandling of CGI redirect paths could result in CGI output |
27 |
going to the wrong client when a threaded MPM is used. |
28 |
[CAN-2003-0789] |
29 |
|
30 |
A buffer overflow could occur in mod_alias and mod_rewrite when a |
31 |
regular expression with more than 9 captures is configured. |
32 |
[CAN-2003-0542] |
33 |
|
34 |
This release is compatible with modules compiled for 2.0.42 and later |
35 |
versions. We consider this release to be the best version of Apache |
36 |
available and encourage users of all prior versions to upgrade. |
37 |
|
38 |
|
39 |
SOLUTION |
40 |
|
41 |
It is recommended that all Gentoo Linux users who are running |
42 |
net-misc/apache 2.x upgrade: |
43 |
|
44 |
emerge sync |
45 |
emerge '>=net-www/apache-2.0.48' |
46 |
emerge clean |
47 |
|
48 |
Please remember to update your config files in /etc/apache2 |
49 |
as --datadir has been changed to /var/www/localhost. |
50 |
|
51 |
Note that a forthcoming GLSA-200310-03 will address similar issues |
52 |
in Apache 1.x. |
53 |
|
54 |
|
55 |
// end |
56 |
|
57 |
-----BEGIN PGP SIGNATURE----- |
58 |
Version: GnuPG v1.2.3 (Darwin) |
59 |
|
60 |
iD8DBQE/ohjbnt0v0zAqOHYRAlmaAJ0cLO512mWAXfUP5I/2HZGx0FI3dgCgmPlv |
61 |
KSJYnPXDC4WjlleSR+mo2Go= |
62 |
=oy6h |
63 |
-----END PGP SIGNATURE----- |