[WBEL-users] Does it affect us?

Orlando Rubino Gala rubino@uo.edu.cu
Thu, 15 Jan 2004 10:18:48 -0500


 Does it affect us?



 Updated httpd packages fix minor Apache security vulnerabilities
Advisory: RHSA-2004:015-04
Last updated on: 2004-01-14
Affected Products: Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CAN-2003-0542



  Security Advisory


Details:
Updated httpd packages that fix two minor security issues in the Apache Web
server are now available for Red Hat Enterprise Linux 3.
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server.

An issue in the handling of regular expressions from configuration files
was discovered in releases of the Apache HTTP Server version 2.0 prior to
2.0.48. To exploit this issue an attacker would need to have the ability
to write to Apache configuration files such as .htaccess or httpd.conf. A
carefully-crafted configuration file can cause an exploitable buffer
overflow and would allow the attacker to execute arbitrary code in the
context of the server (in default configurations as the 'apache' user).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0542 to this issue.

Users of the Apache HTTP Server should upgrade to these erratum packages,
which contain backported patches correcting these issues, and are applied
to Apache version 2.0.46. This update also includes fixes for a number of
minor bugs found in this version of the Apache HTTP Server.


Updated packages:
Red Hat Enterprise Linux AS (v. 3)



SRPMS:
httpd-2.0.46-26.ent.src.rpm    58117555f11e34a08a4da76e04fb9e46

i386:
httpd-2.0.46-26.ent.i386.rpm    03628d122fd11afcdd4c45fcdf3c1166
httpd-devel-2.0.46-26.ent.i386.rpm    30d27b4ced5e4a7c18d84eba8db8319c
mod_ssl-2.0.46-26.ent.i386.rpm    c9a7cef9d3c104cd65042ffba72a99d9

ia64:
httpd-2.0.46-26.ent.ia64.rpm    56676b41b4dc3e0cd16cbbe61ea2e764
httpd-devel-2.0.46-26.ent.ia64.rpm    5c688139dd9bd30b3d27eabcda5298fa
mod_ssl-2.0.46-26.ent.ia64.rpm    85379ceb78fdf24532dfe09594f027c8

ppc:
httpd-2.0.46-26.ent.ppc.rpm    cb55c3a60c659b8bf3052629342dc056
httpd-devel-2.0.46-26.ent.ppc.rpm    594a5b47138248571b48921738492d68
mod_ssl-2.0.46-26.ent.ppc.rpm    730f9d9f2fdd082b18d281914dab20d0

s390:
httpd-2.0.46-26.ent.s390.rpm    d09b4524eb58a15d47568e302d01460e
httpd-devel-2.0.46-26.ent.s390.rpm    9b1b76f2ab8565cbb876edadc11872c4
mod_ssl-2.0.46-26.ent.s390.rpm    d2a32872cd55c0e242e84eb0a3eb5241

s390x:
httpd-2.0.46-26.ent.s390x.rpm    6e43b0078c515edda6d76c26f445c98d
httpd-devel-2.0.46-26.ent.s390x.rpm    58c6f61f03daa3b24fac69eae00bfd56
mod_ssl-2.0.46-26.ent.s390x.rpm    e6686821bf3445b67c65f602e8cefad6

x86_64:
httpd-2.0.46-26.ent.x86_64.rpm    2e4ec3fb5654616f77f9b807b78c86b9
httpd-devel-2.0.46-26.ent.x86_64.rpm    a8a293ccaa54869110d81c12d611af2a
mod_ssl-2.0.46-26.ent.x86_64.rpm    fc07840c5cd826bcb16e7fa9c8aea687

Red Hat Enterprise Linux ES (v. 3)



SRPMS:
httpd-2.0.46-26.ent.src.rpm    58117555f11e34a08a4da76e04fb9e46

i386:
httpd-2.0.46-26.ent.i386.rpm    03628d122fd11afcdd4c45fcdf3c1166
httpd-devel-2.0.46-26.ent.i386.rpm    30d27b4ced5e4a7c18d84eba8db8319c
mod_ssl-2.0.46-26.ent.i386.rpm    c9a7cef9d3c104cd65042ffba72a99d9

Red Hat Enterprise Linux WS (v. 3)



SRPMS:
httpd-2.0.46-26.ent.src.rpm    58117555f11e34a08a4da76e04fb9e46

i386:
httpd-2.0.46-26.ent.i386.rpm    03628d122fd11afcdd4c45fcdf3c1166
httpd-devel-2.0.46-26.ent.i386.rpm    30d27b4ced5e4a7c18d84eba8db8319c
mod_ssl-2.0.46-26.ent.i386.rpm    c9a7cef9d3c104cd65042ffba72a99d9

ia64:
httpd-2.0.46-26.ent.ia64.rpm    56676b41b4dc3e0cd16cbbe61ea2e764
httpd-devel-2.0.46-26.ent.ia64.rpm    5c688139dd9bd30b3d27eabcda5298fa
mod_ssl-2.0.46-26.ent.ia64.rpm    85379ceb78fdf24532dfe09594f027c8

x86_64:
httpd-2.0.46-26.ent.x86_64.rpm    2e4ec3fb5654616f77f9b807b78c86b9
httpd-devel-2.0.46-26.ent.x86_64.rpm    a8a293ccaa54869110d81c12d611af2a
mod_ssl-2.0.46-26.ent.x86_64.rpm    fc07840c5cd826bcb16e7fa9c8aea687




--
___________________________________
              Orlando Rubino Gala
           Administración  UONet
         Email = rubino@uo.edu.cu
                Phone = 643928
____________________________________
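
The advisory quoted above says the fix is backported to Apache 2.0.46, so a check that only compares the upstream version against 2.0.48 misreports a patched host as vulnerable. The following added example (not part of the original post or of the Red Hat advisory) compares an installed package's version-release against `2.0.46-26.ent` using a simplified form of rpm's segment-wise ordering; it assumes no epoch and no `~`/`^` markers, and that a rebuild distribution keeps the same version-release strings, which should be confirmed against that distribution's own errata.

```python
import re

# Fixed version-release, taken from the advisory's package names (httpd-2.0.46-26.ent).
FIXED = ("2.0.46", "26.ent")

def _segments(s):
    # rpm ignores separators and splits digit runs from letter runs.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpm_vercmp(a, b):
    """Return -1, 0 or 1. Simplified rpm ordering: no epoch, no ~ or ^ handling."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    # "httpd-devel-2.0.46-26.ent" -> ("httpd-devel", "2.0.46", "26.ent")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def has_fix(installed_nvr, fixed=FIXED):
    """True if the installed package is at or above the erratum version-release."""
    _, version, release = split_nvr(installed_nvr)
    c = rpm_vercmp(version, fixed[0])
    if c == 0:
        c = rpm_vercmp(release, fixed[1])
    return c >= 0

def naive_upstream_check(installed_nvr):
    """Upstream-only comparison against 2.0.48; wrong for backported builds."""
    _, version, _ = split_nvr(installed_nvr)
    return rpm_vercmp(version, "2.0.48") >= 0

if __name__ == "__main__":
    # Constructed inputs: the first release string is invented for illustration,
    # the second is the erratum package named in the advisory.
    for nvr in ("httpd-2.0.46-25.ent", "httpd-2.0.46-26.ent"):
        print(nvr, "fixed:", has_fix(nvr), "naive:", naive_upstream_check(nvr))
```

On a live system the input string can be obtained with `rpm -q httpd mod_ssl httpd-devel`, dropping the trailing architecture suffix if the output includes one.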