Date: Thu, 2 Nov 2000 18:19:08 -0700 From: Kurt Seifried <seifried@SECURITYPORTAL.COM> Subject: LSLID:2000110208 - Kondara - Apache To: LINUX-SECURITY@LISTSERV.SECURITYPORTAL.COM LSLID:2000110208 apache(2000/10/28) Description The "apache" packages included in Kondara MNU/Linux 1.2 has a serious bug which may allow attackers to view files on the server which should be inaccessible by module "mod_rewrite". You should update the following software packages. RPMS/SRPMS ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/security/alpha/apa che-1.3.14-0k.alpha.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/security/alpha/apa che-devel-1.3.14-0k.alpha.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/security/alpha/apa che-manual-1.3.14-0k.alpha.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/security/i586/apac he-1.3.14-0k.i586.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/security/i586/apac he-devel-1.3.14-0k.i586.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/security/i586/apac he-manual-1.3.14-0k.i586.rpm ftp://ftp.jaist.ac.jp/os/linux/kondara/Kondara-1.2/errata/security/SRPMS/SRPMS/a pache-1.3.14-0k.nosrc.rpm