
Security Advisory (MDKSA-2003:075): apache2


aru

MandrakeSoft Security Advisory MDKSA-2003:075 : apache2

 

July 21st, 2003

Updated apache2 packages fix multiple vulnerabilities

 

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:

 

Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CAN-2003-0192).

 

Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CAN-2003-0253).

 

Denial of Service was caused when target host is IPv6 but FTP proxy server can't create IPv6 socket (CAN-2003-0254).

 

The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests (VU#379828).

 

The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo for responsibly reporting these issues.

 

To upgrade these apache packages, first stop Apache by issuing, as root:

 

service httpd stop

 

After the upgrade, restart Apache with:

 

service httpd start

 

 

The released versions of Mandrake GNU/Linux affected are:

Full information about this advisory, including the updated packages, is available at:

www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:075

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0192

http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0253

http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0254

http://www.kb.cert.org/vuls/id/379828

http://marc.theaimsgroup.com/?l=bugtraq&m=...105259038503175

 

Posted automatically by aru (mdksec2mub v0.0.6)
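
To check whether a server relies on the configuration pattern that CAN-2003-0192 concerns (a per-directory SSLCipherSuite that upgrades the cipher suite through renegotiation), the following added example, which is not part of the advisory or of any Mandrake or Apache tooling, lists every SSLCipherSuite directive set inside a per-directory container. The function names, the sample configuration and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: report SSLCipherSuite directives set in per-directory context
# (<Directory>, <Location>, <Files> and their *Match forms).
# Reads an Apache configuration from the named file, or from stdin if none is given.
per_dir_ciphersuites() {
    awk '
        /^[ \t]*#/   { next }                           # skip comment lines
        /^[ \t]*<\// { if (depth > 0) depth--; next }   # closing tag: pop
        /^[ \t]*<[A-Za-z]/ {                            # opening tag: push its text
            tag = $0
            sub(/^[ \t]*</, "", tag); sub(/>[ \t]*$/, "", tag)
            stack[++depth] = tag
            next
        }
        tolower($1) == "sslciphersuite" {
            # Walk outward; report only if an enclosing container is per-directory.
            for (i = depth; i > 0; i--)
                if (tolower(stack[i]) ~ /^(directory|location|files)(match)?[ \t]/) {
                    spec = $0
                    sub(/^[ \t]*[^ \t]+[ \t]+/, "", spec)
                    print NR ": <" stack[i] "> " spec
                    break
                }
        }
    ' "$@"
}

# Constructed sample configuration (not taken from the advisory).
sample_conf() {
cat <<'EOF'
# constructed sample
<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+LOW:+EXP
    <Directory "/var/www/html/secure">
        SSLCipherSuite HIGH:MEDIUM
    </Directory>
    <Location /public>
        Order allow,deny
    </Location>
</VirtualHost>
EOF
}

# Demo: only the directive inside <Directory> is reported.
sample_conf | per_dir_ciphersuites
```

The scan does not follow Include directives or read .htaccess files, which are also per-directory context, so run it over each of those files separately.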
