:tinysofa Advisory: apache/httpd
tinysofa Advisory: apache/httpd 0 Talkback[s]
Package name: apache / httpd
Security Fixes
apache:
A remote exploit has been discovered in the Apache HTTP server [0]=20
which allows an attacker to cause the server to allocate increasing
amounts of memory until system memory is exhausted or until process
limits are reached.
This problem has been assigned the name CAN-2004-0493 [1] by the=20
Common Vulnerabilities and Exposures (CVE) project.
[0] http://httpd.apache.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2004-0493
Recommended Action
We recommend that all systems with these packages installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location
All tinysofa updates are available from
<URI:http://http.tinysofa.org/pub/tinysofa/updates/ >ftp://ftp.tinysofa.org/pub/tinysofa/updates/ >
Automatic Updates
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Users of the APT tool may use the 'apt-get upgrade' command.
Questions?
Check out our mailing lists:http://www.tinysofa.org/support/ >
Verification
This advisory is signed with the tinysofa security sign key.
This key is available from:http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xAEDCBB4B >
All tinysofa packages are signed with the tinysofa stable sign key.
This key is available from:http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0x0F1240A2 >
The advisory is available from the tinysofa errata database athttp://www.tinysofa.org/support/errata/ >http://www.tinysofa.org/support/errata/2004/012.html >
MD5sums Of The Packages
[server-1.0]
ebc6032e2b8581955df97921bd194fda apache-2.0.49-14ts.i586.rpm
[server-2.0]
dc3bf12c0df7ea363da38382e11ed5d4 httpd-2.0.49-8ts.i386.rpm
--
