Support / Security / Advisories / Single Network Firewall 7.2 / MDKSA-2002:039

Package name: apache
Date: 2002-06-20
Advisory ID: MDKSA-2002:039
Affected versions: SNF7.2 i586

Problem description

A Denial of Service attack was discovered by Mark Litchfield in the Apache webserver. As well, while investigating this problem, the Apache Software Foundation discovered that the code for handling invalid requests that use chunked encoding may also allow arbitrary code to be executed on 64bit architectures. All versions of Apache prior to 1.3.26 and 2.0.37 are vulnerable to this problem. A patched version of Apache is currently available for Single Network Firewall 7.2, with patched versions of Apache soon to be available for the other supported Mandrake Linux versions.

Updated packages

SNF7.2 i586

 24f79880c17c12b1a0106c210e46ec9e  snf7.2/RPMS/apache-1.3.20-5.1mdk.i586.rpm
2b8d3b2b0430b78a49fe172e72e7b5a1  snf7.2/RPMS/apache-common-1.3.20-5.1mdk.i586.rpm
d104f95454b1d28035db97df19a6460b  snf7.2/RPMS/apache-devel-1.3.20-5.1mdk.i586.rpm
7180b8f52e477f89a68bc27a220d3ab2  snf7.2/RPMS/apache-manual-1.3.20-5.1mdk.i586.rpm
d9768de21cd57c828deaa36c63839ba0  snf7.2/RPMS/apache-mod_perl-1.3.20_1.24-5.1mdk.i586.rpm
44f05723dc7d10eb6e5590e34b21ce9a  snf7.2/RPMS/apache-mod_perl-devel-1.3.20_1.24-5.1mdk.i586.rpm
dc20b172adaa53806cc055b1f8ffe50a  snf7.2/RPMS/apache-suexec-1.3.20-5.1mdk.i586.rpm
49e9f481c8cc83fff20309e0f24add2e  snf7.2/RPMS/HTML-Embperl-1.3b6-5.1mdk.i586.rpm
5be9ae334cabbd773f43719f2d54853f  snf7.2/SRPMS/apache-1.3.20-5.1mdk.src.rpm

References

http://httpd.apache.org/info/security_bulletin_20020617.txt