-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-04
- ---------------------------------------------------------------------------

          PACKAGE : net-www/apache
          SUMMARY : buffer overflow
             DATE : Fri Oct 31 07:59:00 UTC 2003
          EXPLOIT : local
VERSIONS AFFECTED : =apache-2.0.48
       GENTOO BUG :  32271 – New ebuild needed for apache-2.0.48 which has 2 security fixes
              CVE : CAN-2003-0789 CAN-2003-0542

- ---------------------------------------------------------------------------

Quote from  < >:

    This version of Apache is principally a bug fix release. A summary of
    the bug fixes is given at the end of this document. Of particular note
    is that 2.0.48 addresses two security vulnerabilities:

    mod_cgid mishandling of CGI redirect paths could result in CGI output
    going to the wrong client when a threaded MPM is used.
    [CAN-2003-0789]
    
    A buffer overflow could occur in mod_alias and mod_rewrite when a
    regular expression with more than 9 captures is configured.
    [CAN-2003-0542]
    
    This release is compatible with modules compiled for 2.0.42 and later
    versions. We consider this release to be the best version of Apache
    available and encourage users of all prior versions to upgrade.


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/apache 2.x upgrade:

emerge sync
emerge '>=net-www/apache-2.0.48'
emerge clean

Please remember to update your config files in /etc/apache2
as --datadir has been changed to /var/www/localhost.

Note that a forthcoming GLSA-200310-03 will address similar issues
in Apache 1.x.


// end

Gentoo: net-www/apache Buffer overflow vulnerability

A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured.

Summary


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-04
- ---------------------------------------------------------------------------

       GENTOO BUG :  32271 – New ebuild needed for apache-2.0.48 which has 2 security fixes

- ---------------------------------------------------------------------------

Quote from  < >:

    This version of Apache is principally a bug fix release. A summary of
    the bug fixes is given at the end of this document. Of particular note
    is that 2.0.48 addresses two security vulnerabilities:

    mod_cgid mishandling of CGI redirect paths could result in CGI output
    going to the wrong client when a threaded MPM is used.
    [CAN-2003-0789]

    A buffer overflow could occur in mod_alias and mod_rewrite when a
    regular expression with more than 9 captures is configured.
    [CAN-2003-0542]

    This release is compatible with modules compiled for 2.0.42 and later
    versions. We consider this release to be the best version of Apache
    available and encourage users of all prior versions to upgrade.


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/apache 2.x upgrade:

emerge sync
emerge '>=net-www/apache-2.0.48'
emerge clean

Please remember to update your config files in /etc/apache2
as --datadir has been changed to /var/www/localhost.

Note that a forthcoming GLSA-200310-03 will address similar issues
in Apache 1.x.


// end



Resolution

References

Availability

Concerns

Severity
PACKAGE : net-www/apache
SUMMARY : buffer overflow
DATE : Fri Oct 31 07:59:00 UTC 2003
EXPLOIT : local
VERSIONS AFFECTED : =apache-2.0.48
CVE : CAN-2003-0789 CAN-2003-0542

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved