MDKSA-2003:075

Package name

apache2

Date

2003-07-21

Advisory ID

MDKSA-2003:075

Affected versions

9.1 i586 , 9.1 i586

Problem description

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes: Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CAN-2003-0192). Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CAN-2003-0253). Denial of Service was caused when target host is IPv6 but FTP proxy server can't create IPv6 socket (CAN-2003-0254). The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests (VU#379828). The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo for responsibly reporting these issues. To upgrade these apache packages, first stop Apache by issuing, as root: service httpd stop After the upgrade, restart Apache with: service httpd start

Updated packages

9.1 i586

 6f1c1f3393a2517d2a6efc060986d5f6  ppc/9.1/RPMS/apache-conf-2.0.44-11.1mdk.ppc.rpm
7692cc8ceb9570d00bdcd14a31635ea8  ppc/9.1/RPMS/apache2-2.0.47-1.1mdk.ppc.rpm
4d0a1f922b53da1cad75c0ffe92b6eb6  ppc/9.1/RPMS/apache2-common-2.0.47-1.1mdk.ppc.rpm
6428efa29c215a11d16af2eb19c66df0  ppc/9.1/RPMS/apache2-devel-2.0.47-1.1mdk.ppc.rpm
4e09ede360c766be3480f26f06e898da  ppc/9.1/RPMS/apache2-manual-2.0.47-1.1mdk.ppc.rpm
d8a9778144123ed670e69efae82704df  ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.1mdk.ppc.rpm
1d11cb6e70fb41ab59fe97291c883825  ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.1mdk.ppc.rpm
c555df0597fbaf7a7600c86b77470830  ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.1mdk.ppc.rpm
870f375144db36fa7f97b4e4a220b76f  ppc/9.1/RPMS/apache2-modules-2.0.47-1.1mdk.ppc.rpm
36afbb4e44d0525a97f36a22eddc3fea  ppc/9.1/RPMS/apache2-source-2.0.47-1.1mdk.ppc.rpm
190aa752b6b00ac28d5c246d35d9cdef  ppc/9.1/RPMS/libapr0-2.0.47-1.1mdk.ppc.rpm
6ca5928088016125c0493ba42e42d8bd  ppc/9.1/SRPMS/apache-conf-2.0.44-11.1mdk.src.rpm
a649bb491709936ab8c69944d8daae9f  ppc/9.1/SRPMS/apache2-2.0.47-1.1mdk.src.rpm

9.1 i586

 6878287e750c587d3240e23f809ee9f4  9.1/RPMS/apache-conf-2.0.44-11.1mdk.i586.rpm
847ee399abf4caea566db066d725c215  9.1/RPMS/apache2-2.0.47-1.1mdk.i586.rpm
b96ec2e4ae78347e54bcdee5174268ea  9.1/RPMS/apache2-common-2.0.47-1.1mdk.i586.rpm
693fa8f4b57865352c052e6ed056f8d2  9.1/RPMS/apache2-devel-2.0.47-1.1mdk.i586.rpm
b52cc16627ecc10e75cf0064b23cdd79  9.1/RPMS/apache2-manual-2.0.47-1.1mdk.i586.rpm
5e53cb7985228e1387363b98235fbf27  9.1/RPMS/apache2-mod_dav-2.0.47-1.1mdk.i586.rpm
7bb48f701eb345b2dfbc7a2b4f5a58a1  9.1/RPMS/apache2-mod_ldap-2.0.47-1.1mdk.i586.rpm
e0b5a5df69eff6d11c1ee3d153bf4522  9.1/RPMS/apache2-mod_ssl-2.0.47-1.1mdk.i586.rpm
0d7aad34a3609bed609d0144eafe8c67  9.1/RPMS/apache2-modules-2.0.47-1.1mdk.i586.rpm
a6fe923d55c30533a257194b90175898  9.1/RPMS/apache2-source-2.0.47-1.1mdk.i586.rpm
58f60b14beda6d52843fd59c7b4ae45b  9.1/RPMS/libapr0-2.0.47-1.1mdk.i586.rpm
6ca5928088016125c0493ba42e42d8bd  9.1/SRPMS/apache-conf-2.0.44-11.1mdk.src.rpm
a649bb491709936ab8c69944d8daae9f  9.1/SRPMS/apache2-2.0.47-1.1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0192
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0253
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0254
• http://www.cert.org/advisories/379828
• http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175