
Eridani alert ERISA-2002:024 (apache)

From:	 Eridani Star System <linux@eridani.co.uk>
To:	 eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:024 - apache
Date:	 Wed, 19 Jun 2002 19:12:10 +0100 (BST)

=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	apache
Summary:	Chunked encoding bug - possible DoS vulnerability
Date:		2002-06-19
ID:		ERISA-2002:024

=========================================================================

Problem description:

  Versions of the Apache web server up to and including 1.3.24 contain a
  bug in the routines which deal with invalid requests which are encoded
  using chunked encoding.  This bug can be triggered remotely by sending
  a carefully crafted invalid request.  This functionality is enabled by
  default.  This issue causes a stack overflow.  Due to the nature of the
  overflow on 32-bit Unix platforms this will cause a segmentation violation
  and the child will terminate. 

  On 64-bit Unix platforms the bug is potentially remotely exploitable.
  Eridani Linux is a 32-bit platform, so this does not pose a threat
  there.  However, we strongly advise upgrading, as this update fixes the
  denial-of-service possibility.

  This advisory supersedes ERISA-2002:012, and the old packages have been
  removed from the FTP server.

-------------------------------------------------------------------------
Updated packages:

  1a1f4cc70a94159d3fc1c9fa111672ce  apache-1.3.26-1.src.rpm

  3bbdf0eaa4839a4d50a652bc876cefc2  apache-1.3.26-1.i386.rpm
  45f532124a2a9e56f8842c286d98bcd9  apache-devel-1.3.26-1.i386.rpm
  84aaefc9d15723d530346ca639530a02  apache-manual-1.3.26-1.i386.rpm
  ac17c618170aba5773cac06bb03abc1e  mod_ssl-2.8.9-1.i386.rpm

-------------------------------------------------------------------------
References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392
  http://lwn.net/Articles/2762/

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download   
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...

_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.
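
Added example, not part of the Eridani advisory and not Apache's code or the change shipped in 1.3.26: the advisory says only that invalid chunked requests trigger the overflow, so this sketch shows the strict validation a chunk-size line needs before its value is used as a length. MAX_CHUNK and all function and enum names are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

#define MAX_CHUNK ((uint64_t)8 * 1024 * 1024) /* assumed per-chunk cap */

enum chunk_err { CHUNK_OK, CHUNK_NO_DIGITS, CHUNK_BAD_CHAR,
                 CHUNK_TOO_BIG, CHUNK_INCOMPLETE };

/* Parse one chunk-size line ("1a2b[;ext]\r\n") from buf[0..len).
 * On success stores the size in *out and the bytes consumed in *used. */
enum chunk_err parse_chunk_size(const char *buf, size_t len,
                                uint64_t *out, size_t *used)
{
    uint64_t size = 0;
    size_t i = 0;
    for (; i < len && isxdigit((unsigned char)buf[i]); i++) {
        unsigned char c = (unsigned char)buf[i];
        unsigned digit = isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
        /* Unsigned value, cap checked per digit: it cannot wrap or go negative. */
        size = (size << 4) | digit;
        if (size > MAX_CHUNK)
            return CHUNK_TOO_BIG;
    }
    if (i == 0)
        return CHUNK_NO_DIGITS;          /* also rejects "-1", "+5", " 5" */
    if (i < len && buf[i] == ';')        /* skip chunk extensions */
        for (; i < len && buf[i] != '\r'; i++)
            if (buf[i] == '\n' || buf[i] == '\0')
                return CHUNK_BAD_CHAR;
    if (i < len && buf[i] != '\r')
        return CHUNK_BAD_CHAR;           /* junk after the hex digits */
    if (i + 1 >= len)
        return CHUNK_INCOMPLETE;         /* need more input for CRLF */
    if (buf[i + 1] != '\n')
        return CHUNK_BAD_CHAR;           /* bare CR */
    *out = size;
    *used = i + 2;
    return CHUNK_OK;
}

/* Wrapper for NUL-terminated input: the size, or -(error code). */
long long chunk_size_of(const char *line)
{
    uint64_t size = 0; size_t used = 0;
    enum chunk_err e = parse_chunk_size(line, strlen(line), &size, &used);
    return e == CHUNK_OK ? (long long)size : -(long long)e;
}
```

A caller copies at most the returned size into a buffer it has already bounds-checked, and treats every error code other than CHUNK_INCOMPLETE as grounds to reject the request.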
