From:	 Eridani Star System <linux@eridani.co.uk>
To:	 eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:012 - apache
Date:	 Fri, 5 Apr 2002 19:49:07 +0100 (BST)

=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	apache
Summary:	Security fix and version upgrade
Date:		2002-04-05
ID:		ERISA-2002:012

=========================================================================

Problem description:

  Versions of apache prior to 1.3.24 sometimes put invalid client
  hostnames in the log file. A remote attacker may deliberately exploit
  this issue to cause spoofed information to be logged by the webserver.

  (There was also a Win32-specific security hole which is fixed in the
  source for this version, and is not an issue for any Linux build.)
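
A log check for the issue described above, added here as an example and not part of the Eridani advisory or of Apache: it scans access-log entries and flags client host fields that are neither an IP address nor a syntactically valid hostname. It assumes the Common Log Format (client host as the first field) and a strict RFC 1123 reading of "valid"; the function names and sample entries are constructed for illustration.

```python
import ipaddress
import re

# Assumed layout (Common Log Format): host ident authuser [date] "request" status bytes
CLF = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+')
# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_client_host(host):
    """True for an IP literal or a syntactically valid DNS hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    if not host or len(host) > 253:
        return False
    labels = host.rstrip(".").split(".")
    # An all-numeric last label that did not parse as an IP is not a real name.
    if labels[-1].isdigit():
        return False
    return all(LABEL.fullmatch(label) for label in labels)


def scan_access_log(lines):
    """Return (line_number, reason) for every entry that needs review."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = CLF.fullmatch(line.rstrip("\n"))
        if match is None:
            # A host field containing spaces shifts every later field.
            findings.append((number, "not Common Log Format"))
        elif not is_valid_client_host(match.group(1)):
            findings.append((number, "invalid client host"))
    return findings


# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2002:19:40:01 +0100] "GET / HTTP/1.0" 200 1456',
    'client.example.org - - [05/Apr/2002:19:40:07 +0100] "GET /a HTTP/1.0" 200 2048',
    'host|name.example.net - - [05/Apr/2002:19:41:12 +0100] "GET /x HTTP/1.0" 404 210',
    '999.999.999.999 - - [05/Apr/2002:19:41:30 +0100] "GET / HTTP/1.0" 200 1456',
    'gateway example.net - - [05/Apr/2002:19:42:30 +0100] "GET / HTTP/1.0" 200 1456',
]

if __name__ == "__main__":
    for number, reason in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

Entries flagged this way on a pre-1.3.24 server are candidates for review; the client host they record should not be trusted without other evidence.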

-------------------------------------------------------------------------
Updated packages:

  064293233a4cffea7bceafc45444ee70  apache-1.3.24-1.src.rpm

  edb61ac6fccc6e9ac43eca0affc3c0e5  apache-1.3.24-1.i386.rpm
  20c2fc9e8cc6873d96928bef6871d526  apache-devel-1.3.24-1.i386.rpm
  1df15ba8da3dd36263650481caff3698  apache-manual-1.3.24-1.i386.rpm
  aa8df5631602b84fbf6db563b2d2d239  mod_ssl-2.8.8-1.i386.rpm

  These packages supersede the packages released for ERISA-2002:006
  (mod_ssl buffer overflow) and the older ones have been removed from the
  FTP server.

-------------------------------------------------------------------------
References:

  http://www.techhc.hwgn.net/modules.php?name=News&file=article&sid=62

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
