From: tsl@trustix.com (Trustix Secure Linux Advisor) To: tsl-announce@trustix.org Subject: TSL-2002-0038 - apache Date: Fri, 1 Mar 2002 18:30:47 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Bugfix Advisory #2002-0038 Package name: apache Summary: chkconfig fix Date: 2002-03-01 Affected versions: TSL 1.5 - -------------------------------------------------------------------------- Problem description: The httpd init script in the apache-1.3.23-1tr contained a faulty chkconfig line which caused the apache web server to be started on bootup. We consider this to be an unnessecary security risk, and users that do not need to run the apache web server should disable it. This can be done with the following procedure: Run '/sbin/chkconfig httpd off', which will cause the apache webserver not to be started on bootup. Also one need to run '/etc/init.d/httpd stop', to actually stop the web server. We apologize for the inconvenience. Action: We recommend that all systems with this package installed are upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All TSL updates are available from <URI:http://www.trustix.net/pub/Trustix/updates/> <URI:ftp://ftp.trustix.net/pub/Trustix/updates/> Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Get SWUP from: <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/> Public testing: These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at <URI:http://www.trustix.net/pub/Trustix/testing/> <URI:ftp://ftp.trustix.net/pub/Trustix/testing/> Questions? Check out our mailing lists: <URI:http://www.trustix.net/support/> Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.net/TSL-GPG-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.net/errata/trustix-1.5/> or directly at <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0038-apache.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- 4997f28fe6b4007fd686e7b1025d5ada ./1.5/SRPMS/apache-1.3.23-2tr.src.rpm 731528eb08d8c39b9f1234e9d4994c72 ./1.5/RPMS/apache-devel-1.3.23-2tr.i586.rpm bd138addf9964210ea4b8f095d33964e ./1.5/RPMS/apache-1.3.23-2tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8f6/SwRTcg4BxxS0RAqvSAJ0dr4mXTl7CUJP6leKWcXAjoHZPHwCfTnTM mfMACIllweJPeDCAa3UILN4= =mqTh -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list tsl-announce@trustix.org http://www.trustix.org/mailman/listinfo.cgi/tsl-announce