Fedora Legacy Test Update Notification: apache
Marc Deslauriers
marcdeslauriers at videotron.ca
Thu Sep 30 10:27:58 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-1737
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1737
2004-09-30
- ---------------------------------------------------------------------
Name : apache
Versions : 7.3: 1.3.27-5.legacy
Summary : The most widely used Web server on the Internet.
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.
- ---------------------------------------------------------------------
Update Information:
A buffer overflow was found in the Apache proxy module, mod_proxy, which
can be triggered by receiving an invalid Content-Length header. In order
to exploit this issue, an attacker would need an Apache installation
that was configured as a proxy to connect to a malicious site. This
would
cause the Apache child processing the request to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name
CAN-2004-0492 to this issue.
- ---------------------------------------------------------------------
7.3 changelog:
* Fri Jun 11 2004 Dominic Hargreaves <dom at earth.li> 1.3.27-5.legacy
- - add security fix for CVE CAN-2004-0492
- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/redhat/
(sha1sums)
2e1f8e6bafbbbe02ac26ccc98b73631e62c889ce
7.3/updates-testing/i386/apache-1.3.27-5.legacy.i386.rpm
27a716974163c739784e09992f1d84a1996041d9
7.3/updates-testing/i386/apache-devel-1.3.27-5.legacy.i386.rpm
ab688996e12f0364a50b58c2b120d933b403ce6b
7.3/updates-testing/i386/apache-manual-1.3.27-5.legacy.i386.rpm
e2fadeb9a430a5dbda28076cd850180fbb95c2b8
7.3/updates-testing/SRPMS/apache-1.3.27-5.legacy.src.rpm
- ---------------------------------------------------------------------
Please test and comment in bugzilla.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBW9+RLMAs/0C4zNoRApSxAKCBwqQrLv3Kv5ni2Q2skeZl406LLQCeNN+d
BMxHh+A/TbDH8mw4nD25CuA=
=NdQK
-----END PGP SIGNATURE-----
More information about the fedora-legacy-list
mailing list