lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 20 Nov 2003 02:26:17 -0500
From: Rajiv Aaron Manglani <rajiv@...too.org>
To: bugtraq@...urityfocus.com
Subject: GLSA:  apache (200310-03)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-03
- ---------------------------------------------------------------------------

          PACKAGE : net-www/apache
          SUMMARY : buffer overflow
             DATE : Tue Oct 28 16:43:46 UTC 2003
          EXPLOIT : local
VERSIONS AFFECTED : <apache-1.3.29
    FIXED VERSION : >=apache-1.3.29
              CVE : CAN-2003-0542 (under review at time of GLSA)

- ---------------------------------------------------------------------------

Quote from <http://httpd.apache.org/dev/dist/Announcement>:

   This version of Apache is principally a bug and security fix release.
   A partial summary of the bug fixes is given at the end of this document.
   A full listing of changes can be found in the CHANGES file.  Of
   particular note is that 1.3.29 addresses and fixes 1 potential
   security issue:

     o CAN-2003-0542 (cve.mitre.org)
       Fix buffer overflows in mod_alias and mod_rewrite which occurred if
       one configured a regular expression with more than 9 captures.

   We consider Apache 1.3.29 to be the best version of Apache 1.3 available
   and we strongly recommend that users of older versions, especially of
   the 1.1.x and 1.2.x family, upgrade as soon as possible.  No further
   releases will be made in the 1.2.x family.


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/apache 1.x upgrade:

emerge sync
emerge -pv apache
emerge '>=net-www/apache-1.3.29'
emerge clean
/etc/init.d/apache restart


// end

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/vGZWnt0v0zAqOHYRAnnUAKCf7j5ZciPl2A/lfT2G6re9L0ZjugCfQGYk
RyV+5R/BFsdAzsMYZp9dT8A=
=ym4e
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists