MDKSA-2003:075-1
- Package name
- apache2
- Date
- 2003-08-28
- Advisory ID
- MDKSA-2003:075-1
- Affected versions
- 9.1 i586 , 9.1 i586
Problem description
Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes: Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CAN-2003-0192). Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CAN-2003-0253). Denial of Service was caused when target host is IPv6 but FTP proxy server can't create IPv6 socket (CAN-2003-0254). The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests (VU#379828). The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo for responsibly reporting these issues. To upgrade these apache packages, first stop Apache by issuing, as root: service httpd stop After the upgrade, restart Apache with: service httpd start Update: The previously released packages had a manpage conflict between apache2-common and apache-1.3 that prevented both packages from being installed at the same time. This update provides a fixed apache2-common package.
Updated packages
9.1 i586
dc55704a8c82e088d95958ef31b38925 ppc/9.1/RPMS/apache2-common-2.0.47-1.2mdk.ppc.rpm 121bf6143709f1e6261bc041230e1b85 ppc/9.1/SRPMS/apache2-2.0.47-1.2mdk.src.rpm
9.1 i586
3102c711e9c801009e54cb3b1ea89c11 9.1/RPMS/apache2-common-2.0.47-1.2mdk.i586.rpm 121bf6143709f1e6261bc041230e1b85 9.1/SRPMS/apache2-2.0.47-1.2mdk.src.rpm