drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehler in der Behandlung von Chunked Encoding in Apache
| Name: |
Fehler in der Behandlung von Chunked Encoding in Apache
|
|
| ID: |
|
|
| Distribution: |
Slackware |
|
| Plattformen: |
Slackware 8.0, Slackware 8.1 |
|
| Datum: |
Fr, 21. Juni 2002, 13:00 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392 |
|
Originalnachricht |
New Apache packages for Slackware are available to fix a security issue.
>From the Apache site:
"While testing for Oracle vulnerabilities, Mark Litchfield discovered a
denial of service attack for Apache on Windows. Investigation by the
Apache Software Foundation showed that this issue has a wider scope, which
on some platforms results in a denial of service vulnerability, while on
some other platforms presents a potential a remote exploit vulnerability."
The complete text of the Apache announcement may be found here:
http://httpd.apache.org/info/security_bulletin_20020617.txt
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0392 to this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392
SOLUTION
--------
We recommend that sites providing external Apache access upgrade to the fixed
Apache package as soon as possible. If you are using mod_ssl, you will also
require an updated mod_ssl package. Updated packages have been prepared for
Slackware 8.0 and 8.1.
WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated Apache package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/apache.tgz
Updated Apache package for Slackware 8.1:
apache-1.3.26-i386-1.tgz
Updated mod_ssl package for Slackware 8.0:
mod_ssl.tgz
Updated mod_ssl package for Slackware 8.1:
mod_ssl-2.8.9_1.3.26-i386-1.tgz
MD5 SIGNATURE:
--------------
Here are the md5sums for the packages:
Slackware 8.0:
69de43846c84209bc274ff5c1af554d6 apache.tgz
ca09ade9fbcd66b2e6e2aa13906140d2 mod_ssl.tgz
Slackware 8.1:
d92ba4c9a8b4afd589e274f394fa0e3c apache-1.3.26-i386-1.tgz
1ac6cd008bb22db99accacc8648efbf6 mod_ssl-2.8.9_1.3.26-i386-1.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
First, stop apache:
# apachectl stop
Next, upgrade the package(s):
# upgradepkg apache-1.3.26-i386-1.tgz
# upgradepkg mod_ssl-2.8.9_1.3.26-i386-1.tgz
Then, restart apache:
# apachectl start
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
|
|
|
|
