On Sat, 31 May 2003 19:18:37 -0400 JoeHill <[EMAIL PROTECTED]> wrote:
> thanks! I wonder how long it will take for a patch like this to appear
> on the MDK security updates list?
Already done.
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: apache2
Advisory ID: MDKSA-2003:063
Date: May 30th, 2003
Affected versions: 9.1
________________________________________________________________________
Problem Description:

Two vulnerabilities were discovered in the Apache web server that
affect all 2.x versions prior to 2.0.46. The first, discovered by John
Hughes, is a build system problem that allows remote attackers to
prevent access to authenticated content when a threaded server is used.
This only affects versions of Apache compiled with threaded server
"httpd.worker", which is not the default for Mandrake Linux.

The second vulnerability, discovered by iDefense, allows remote
attackers to cause a DoS (Denial of Service) condition and may also
allow the execution of arbitrary code.

The provided packages include back-ported fixes to correct these
vulnerabilities and MandrakeSoft encourages all users to upgrade
immediately.
________________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245
________________________________________________________________________
Charles
--
A girl with a future avoids the man with a past.
-- Evan Esar, "The Humor of Humor"
-------------------------
Mandrake Linux 9.2 on PurpleDragon
Kernel-enterprise-2.4.21.0rc1.1mdk
-------------------------
