[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040923142117.GA4208@tsunami.trustix.net>
Date: Thu, 23 Sep 2004 16:21:17 +0200
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2004-0049 - apache
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0049
Package name: apache
Summary: authentication bypass
Date: 2004-09-23
Affected versions: Trustix Secure Linux 2.0
Trustix Secure Linux 2.1
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
Apache is a full featured web server that is freely available, and also
happens to be the most widely used.
Problem description:
An error with the merging of the Satisfy directive in apache 2.0.51 could
allow protected pages to be viewed without requiring authentication.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0811 to this issue.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.0/> and
<URI:http://www.trustix.org/errata/trustix-2.1/>
or directly at
<URI:http://www.trustix.org/errata/2004/0049/>
MD5sums of the packages:
- --------------------------------------------------------------------------
392f114b84556c4cbaeb5beda3020fc4 2.0/rpms/apache-2.0.51-0.2tr.i586.rpm
f1e7c48e8a2f478579f74e4592d9cb12 2.0/rpms/apache-devel-2.0.51-0.2tr.i586.rpm
4877783d9c9bd4ee8950a2062dd896dc 2.0/rpms/apache-manual-2.0.51-0.2tr.i586.rpm
71ec09e634bfe5e384e480775b52c60e 2.1/rpms/apache-2.0.51-2tr.i586.rpm
4eba9c306a8199dd5db61a7965763feb 2.1/rpms/apache-dbm-2.0.51-2tr.i586.rpm
8fb2b4c69ec7b5a748e6b65b3c74c81a 2.1/rpms/apache-devel-2.0.51-2tr.i586.rpm
5367c5b99520b10af9362b4fb97ec90f 2.1/rpms/apache-manual-2.0.51-2tr.i586.rpm
d11c89fe15f044bc0a01d62b6866401c e-2/apache-2.0.51-2tr.i586.rpm
94455cc43cbb38f98d23c2a1a97ec2a7 e-2/apache-dbm-2.0.51-2tr.i586.rpm
34adefed998ef4be116f46366889de0e e-2/apache-devel-2.0.51-2tr.i586.rpm
8ca73789cde55011eb89bab7b5100709 e-2/apache-manual-2.0.51-2tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFBUtnEi8CEzsK9IksRAvdXAKC0lcZ2BaKcGnS/eibd3KF4LJ0USwCffc8M
HW/K9gowB9NPRhsCyHiTbIk=
=yQ9B
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists