OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
Module: openpkg-web                      Date:   28-Oct-2003 16:14:14
Branch: HEAD                             Handle: 2003102815141300
Modified files:
openpkg-web/security OpenPKG-SA-2003.046-apache.txt
Log:
final polishing and signing
Summary:
Revision  Changes    Path
1.2       +23 -11    openpkg-web/security/OpenPKG-SA-2003.046-apache.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.046-apache.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.046-apache.txt
--- openpkg-web/security/OpenPKG-SA-2003.046-apache.txt 28 Oct 2003 14:46:56
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2003.046-apache.txt 28 Oct 2003 15:14:13
-0000 1.2
@@ -1,28 +1,33 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
-OpenPKG-SA-2003.046 29-Oct-2003
+OpenPKG-SA-2003.046 28-Oct-2003
________________________________________________________________________
Package: apache
-Vulnerability: local regex backreference overflow
+Vulnerability: local buffer overflow
OpenPKG Specific: no
-Affected Releases: Affected Packages: Corrected Packages:
-OpenPKG CURRENT <= apache-1.3.28-20031009 >= apache-1.3.29-20031028
-OpenPKG 1.3 <= apache-1.3.28-1.3.0 >= apache-1.3.28-1.3.1
-OpenPKG 1.2 <= apache-1.3.27-1.2.2 >= apache-1.3.27-1.2.3
+Affected Releases: Affected Packages: Corrected Packages:
+OpenPKG CURRENT <= apache-1.3.28-20031009 >= apache-1.3.29-20031028
+OpenPKG 1.3 <= apache-1.3.28-1.3.0 >= apache-1.3.28-1.3.1
+OpenPKG 1.2 <= apache-1.3.27-1.2.2 >= apache-1.3.27-1.2.3
Dependent Packages: none
Description:
- Andre Malo fixed problems [0] in the mod_alias and mod_rewrite
- modules of the Apache [1] webserver. Buffer overflows occurred if a
- regular expression with more than 9 captures were configured. The
- Common Vulnerabilities and Exposures (CVE) project assigned the id
- CAN-2003-0542 [2] to the problem.
+ Andr� Malo discovered buffer overflows [0] in the mod_alias and
+ mod_rewrite modules of the Apache [1] webserver. These occurred if
+ a regular expression with more than 9 capturing parenthesis was
+ configured. To exploit this, an attacker would need to be able to
+ locally create a carefully crafted configuration file (.htaccess or
+ httpd.conf). The Common Vulnerabilities and Exposures (CVE) project
+ assigned the id CAN-2003-0542 [2] to the problem.
Please check whether you are affected by running "<prefix>/bin/rpm -q
apache". If you have the "apache" package installed and its version
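Review bot: The first added Description line carries a non-ASCII character in the discoverer's name, while the armor headers added at the top of this hunk only declare "Hash: SHA1". Because the file is now clearsigned, any charset conversion of that byte in transit changes the signed text and makes verification fail for readers. Either spell the name in plain ASCII or add a "Charset:" armor header next to "Hash: SHA1". In the same paragraph, "more than 9 capturing parenthesis was configured" should read "more than 9 capturing parentheses were configured". Both fixes alter the signed body, so the file has to be re-signed afterwards. The new sentence stating that exploitation requires locally creating a crafted .htaccess or httpd.conf is a useful scoping statement and matches the "local" in the retitled Vulnerability line.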
@@ -69,3 +74,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE/noeSgHWT4GPEy58RAoXAAJ4v/EYluJUzbQueyCI8VncYhnhoPgCfRg5v
+VHLblOpScHN9zU9rrXFwMIo=
+=kWUY
+-----END PGP SIGNATURE-----
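Review bot: The signature block appended here arrives in the same revision as the wording, date and table-alignment changes in the first hunk, so nothing in the diff shows that the signature was computed over the final text rather than an earlier draft. Run gpg --verify on the committed r1.2 file before it is published, and keep signing as a separate last step so that later edits to the advisory cannot silently leave a stale signature in place. The advisory's closing paragraph already tells readers to verify integrity, which makes a failing signature on the published copy directly visible to them.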
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]