1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
- - -------------------------------------------------------------------- |
5 |
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-002 |
6 |
- - -------------------------------------------------------------------- |
7 |
|
8 |
PACKAGE : apache |
9 |
SUMMARY : shared memory scoreboard vulnerabilities |
10 |
EXPLOIT : local |
11 |
DATE : 2002-10-15 08:25 UTC |
12 |
|
13 |
- - -------------------------------------------------------------------- |
14 |
|
15 |
Apache HTTP Server contains a vulnerability in its shared memory |
16 |
scoreboard. Attackers who can execute commands under the Apache |
17 |
UID can either send a (SIGUSR1) signal to any process as root, in |
18 |
most cases killing the process, or launch a local denial of service (DoS) |
19 |
attack. |
20 |
|
21 |
Read the full advisory at |
22 |
http://www.idefense.com/advisory/10.03.02.txt |
23 |
|
24 |
SOLUTION |
25 |
|
26 |
It is recommended that all Gentoo Linux users who are running |
27 |
net-www/apache-1.3.26-r4 and earlier update their systems |
28 |
as follows: |
29 |
|
30 |
emerge rsync |
31 |
emerge apache |
32 |
emerge clean |
33 |
|
34 |
- - -------------------------------------------------------------------- |
35 |
aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz |
36 |
- - -------------------------------------------------------------------- |
37 |
-----BEGIN PGP SIGNATURE----- |
38 |
Version: GnuPG v1.0.7 (GNU/Linux) |
39 |
|
40 |
iD8DBQE9q9EifT7nyhUpoZMRAvMAAKC5uldCFmTfBWUELQUjdPUB63IX4ACeOIZi |
41 |
kXGG6Si1xe2JA+hdpT/TRSo= |
42 |
=Hawy |
43 |
-----END PGP SIGNATURE----- |
44 |
_______________________________________________ |
45 |
gentoo-announce mailing list |
46 |
gentoo-announce@g.o |
47 |
http://lists.gentoo.org/mailman/listinfo/gentoo-announce |