Nom du paquet
apache2
Date
2003-08-28
Advisory ID
MDKSA-2003:075-1
Affected versions
9.1 i586 , 9.1 i586

Problem description

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes: Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CAN-2003-0192). Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CAN-2003-0253). Denial of Service was caused when target host is IPv6 but FTP proxy server can't create IPv6 socket (CAN-2003-0254). The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests (VU#379828). The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo for responsibly reporting these issues. To upgrade these apache packages, first stop Apache by issuing, as root: service httpd stop After the upgrade, restart Apache with: service httpd start Update: The previously released packages had a manpage conflict between apache2-common and apache-1.3 that prevented both packages from being installed at the same time. This update provides a fixed apache2-common package.

Updated packages

9.1 i586

 dc55704a8c82e088d95958ef31b38925  ppc/9.1/RPMS/apache2-common-2.0.47-1.2mdk.ppc.rpm
121bf6143709f1e6261bc041230e1b85  ppc/9.1/SRPMS/apache2-2.0.47-1.2mdk.src.rpm

9.1 i586

 3102c711e9c801009e54cb3b1ea89c11  9.1/RPMS/apache2-common-2.0.47-1.2mdk.i586.rpm
121bf6143709f1e6261bc041230e1b85  9.1/SRPMS/apache2-2.0.47-1.2mdk.src.rpm

References