LBA-Linux Advisory: httpd

LBA-Linux Security Advisory

Subject: Updated httpd package for LBA-Linux R1
Advisory ID: LBASA-2004:34
Date: Wednesday, September 15, 2004
Product: LBA-Linux R1

Problem description:

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to
cause a denial of service (CPU consumption) by aborting an SSL
connection in a way that causes an Apache child process to enter an
infinite loop.

The char_buffer_read function in the mod_ssl module for Apache 2.x,
when using reverse proxying to an SSL server, allows remote
attackers to cause a denial of service (segmentation fault).

Updated packages:

LBA-Linux R1:






Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named httpd to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.




Copyright(c) 2001-2004 SOT

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis