From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:012 - apache
Date: Fri, 5 Apr 2002 19:49:07 +0100 (BST)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: apache
Summary: Security fix and version upgrade
Date: 2002-04-05
ID: ERISA-2002:012
=========================================================================
Problem description:
Versions of apache prior to 1.3.24 sometimes put invalid client
hostnames in the log file. The impact of the log file vulnerability is
that a remote attacker may deliberately exploit this issue to cause
spoofed information to be logged by the webserver.
(There was also a Win32-specific security hole which is fixed in the
source for this version, and is not an issue for any Linux build.)
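
An added example, not part of the original advisory or of Apache's code: a
check for reviewing existing access logs for entries whose client-host field
is neither a valid IP address nor a syntactically valid hostname. It assumes
the host is the first whitespace-delimited field (as in Common Log Format)
and applies strict RFC 1123 label rules; the function names and sample lines
are constructed for illustration.

```python
import ipaddress
import re

# One DNS label (RFC 1123): letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_host(field):
    """Return 'ip', 'hostname' or 'invalid' for a logged client-host field."""
    try:
        ipaddress.ip_address(field)
        return "ip"
    except ValueError:
        pass
    name = field[:-1] if field.endswith(".") else field
    if not name or len(name) > 253:
        return "invalid"
    labels = name.split(".")
    # An all-numeric last label means a malformed IP, not a real hostname.
    if all(_LABEL.fullmatch(label) for label in labels) and not labels[-1].isdigit():
        return "hostname"
    return "invalid"


def audit(lines):
    """Return (line_number, host_field) for entries whose host is not valid."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        # Assumption: the client host is the first field of each entry.
        host = line.split(None, 1)[0]
        if classify_host(host) == "invalid":
            findings.append((number, host))
    return findings


# Constructed sample entries, not taken from any real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2002:19:40:01 +0100] "GET / HTTP/1.0" 200 1456',
    'client7.example.net - - [05/Apr/2002:19:41:12 +0100] "GET /a HTTP/1.0" 200 88',
    'bad_host!.example - - [05/Apr/2002:19:42:30 +0100] "GET /b HTTP/1.0" 404 210',
    '999.1.2.3 - - [05/Apr/2002:19:43:02 +0100] "GET /c HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, host in audit(SAMPLE_LOG):
        print(f"line {number}: suspicious client host {host!r}")
```

Flagged entries are candidates for review rather than proof of spoofing;
some legitimate reverse-DNS names (for example ones containing underscores)
also fail the strict syntax check.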
-------------------------------------------------------------------------
Updated packages:
064293233a4cffea7bceafc45444ee70 apache-1.3.24-1.src.rpm
edb61ac6fccc6e9ac43eca0affc3c0e5 apache-1.3.24-1.i386.rpm
20c2fc9e8cc6873d96928bef6871d526 apache-devel-1.3.24-1.i386.rpm
1df15ba8da3dd36263650481caff3698 apache-manual-1.3.24-1.i386.rpm
aa8df5631602b84fbf6db563b2d2d239 mod_ssl-2.8.8-1.i386.rpm
These packages supersede the packages released for ERISA-2002:006
(mod_ssl buffer overflow) and the older ones have been removed from the
FTP server.
-------------------------------------------------------------------------
References:
http://www.techhc.hwgn.net/modules.php?name=News&file=article&sid=62
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...