User: Password:
Subscribe / Log in / New account

Yellow Dog alert YDU-20030603-1 (apache2)

From:  Terra Soft Security Team <>
Subject:  Yellow Dog Linux Security Advisory: YDU-20030603-1
Date:  Tue, 03 Jun 2003 19:00:25 -0600

Yellow Dog Linux Security Announcement -------------------------------------- Package: httpd Issue Date: Jun 03,2003 Priority: medium Advisory ID: YDU-20030603-1 1. Topic: Updated httpd packages are available. 2. Problem: "A build system problem in Apache 2.0 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2003-0189 to this issue. All users of the Apache HTTP Web Server are advised to upgrade to the applicable errata packages, which contain back-ported fixes correcting these issues, and applied to Apache version 2.0.40. After the errata packages are installed, restart the Web service by running the following command: /sbin/service httpd restart" (From Red Hat Advisory) 3. Solution: a) Updating via apt... We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: apt-get update apt-get install httpd b) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] Yellow Dog Linux 3.0 ppc/httpd-2.0.40-21.3a.ppc.rpm ppc/httpd-devel-2.0.40-21.3a.ppc.rpm ppc/httpd-manual-2.0.40-21.3a.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- [Yellow Dog Linux 3.0] 341a114b02e856c12180a02b936803b4 SRPMS/httpd-2.0.40-21.3a.src.rpm 1219aa78fb6923f12af18401abd24ece ppc/httpd-2.0.40-21.3a.ppc.rpm dc92d3c6efe89ece6d59d216b08a1af5 ppc/httpd-devel-2.0.40-21.3a.ppc.rpm 5a241f99fca2aa35d7d8253d0f102523 ppc/httpd-manual-2.0.40-21.3a.ppc.rpm 0326e81e2fbd21a779756947d4e1b9fc ppc/mod_ssl-2.0.40-21.3a.ppc.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: md5sum <filename> 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See for more information. For information regarding the usage of apt-get, see: _______________________________________________ yellowdog-updates mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds