MDKSA-2003:050

Package name

apache2

Date

2003-04-22

Advisory ID

MDKSA-2003:050

Affected versions

9.1 i586 , 9.1 i586

Problem description

A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing: service httpd restart

Updated packages

9.1 i586

 b9db2f91c7937244acb2d32f34ae9241  ppc/9.1/RPMS/apache2-2.0.45-4.2mdk.ppc.rpm
3bc96cd24d6bd3b307222d81fce9f4ca  ppc/9.1/RPMS/apache2-common-2.0.45-4.2mdk.ppc.rpm
60e4187ec0b293f25a9008c13c527c1a  ppc/9.1/RPMS/apache2-devel-2.0.45-4.2mdk.ppc.rpm
a3c3322b834790fc1da3c8e7f0901168  ppc/9.1/RPMS/apache2-manual-2.0.45-4.2mdk.ppc.rpm
352b82414ec0362eaa9c7ea451261a60  ppc/9.1/RPMS/apache2-mod_dav-2.0.45-4.2mdk.ppc.rpm
a537dc5489a82099cb87b24f3718e11c  ppc/9.1/RPMS/apache2-mod_ldap-2.0.45-4.2mdk.ppc.rpm
e6736e2c450bc76382cceaf7116e1616  ppc/9.1/RPMS/apache2-mod_ssl-2.0.45-4.2mdk.ppc.rpm
f5b6f2d90cb73845987624c7ffd514a3  ppc/9.1/RPMS/apache2-modules-2.0.45-4.2mdk.ppc.rpm
dca30abc0adead3a22c5fd3a82df8d20  ppc/9.1/RPMS/apache2-source-2.0.45-4.2mdk.ppc.rpm
f33cdee67bd82884bd6d77c551320961  ppc/9.1/RPMS/libapr0-2.0.45-4.2mdk.ppc.rpm
ab454d8e8e1d9c3f51a98ad2aaa4cffc  ppc/9.1/SRPMS/apache-conf-2.0.45-2.1mdk.src.rpm
c11d11afb80fba23925632089a70bc00  ppc/9.1/SRPMS/apache2-2.0.45-4.2mdk.src.rpm

9.1 i586

 ad53df84893a5cc1114c3de55cc91658  9.1/RPMS/apache2-2.0.45-4.2mdk.i586.rpm
60d8447552d758bc3565450f08b79bfe  9.1/RPMS/apache2-common-2.0.45-4.2mdk.i586.rpm
3060613a3a072d9fffc9bbfd0a994581  9.1/RPMS/apache2-devel-2.0.45-4.2mdk.i586.rpm
36504391b61565e9607a70c2d42a3b6a  9.1/RPMS/apache2-manual-2.0.45-4.2mdk.i586.rpm
b1778fe2310da4c8c94fcdefb6856ccd  9.1/RPMS/apache2-mod_dav-2.0.45-4.2mdk.i586.rpm
f7b614162bad34d2778b8621d7878641  9.1/RPMS/apache2-mod_ldap-2.0.45-4.2mdk.i586.rpm
e8c3e2db532f8c2c94b5ef05bab0ce85  9.1/RPMS/apache2-mod_ssl-2.0.45-4.2mdk.i586.rpm
2f56e31ce758a96a1c9fd8060eba4d1a  9.1/RPMS/apache2-modules-2.0.45-4.2mdk.i586.rpm
69029f8e2bda1254c6f469df9eace7f7  9.1/RPMS/apache2-source-2.0.45-4.2mdk.i586.rpm
43999a817273e73e901f8bf8ff05389f  9.1/RPMS/libapr0-2.0.45-4.2mdk.i586.rpm
ab454d8e8e1d9c3f51a98ad2aaa4cffc  9.1/SRPMS/apache-conf-2.0.45-2.1mdk.src.rpm
c11d11afb80fba23925632089a70bc00  9.1/SRPMS/apache2-2.0.45-4.2mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0083
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132