---

LBA-Linux Advisory: httpd


LBA-Linux Security Advisory

Subject: Updated httpd package for LBA-Linux R1
Advisory ID: LBASA-2004:34
Date: Wednesday, September 15, 2004
Product: LBA-Linux R1


Problem description:

CAN-2004-0748
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to
cause a denial of service (CPU consumption) by aborting an SSL
connection in a way that causes an Apache child process to enter an
infinite loop.

CAN-2004-0751
The char_buffer_read function in the mod_ssl module for Apache 2.x,
when using reverse proxying to an SSL server, allows remote
attackers to cause a denial of service (segmentation fault).

Updated packages:

LBA-Linux R1:

i386:

ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-2.0.48-16.lba.9.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-devel-2.0.48-16.lba.9.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-manual-2.0.48-16.lba.9.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/mod_ssl-2.0.48-16.lba.9.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named httpd to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.
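
To confirm the update took effect, the following added example (not part of the original advisory or of LBA-Linux tooling) checks installed package versions against the fixed release 2.0.48-16.lba.9 listed above. It assumes its input is the output of `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' httpd httpd-devel httpd-manual mod_ssl`, and it uses a simplified form of RPM's version ordering (no epoch, tilde or caret handling); the function names and sample data are constructed for illustration.

```python
import re

# Fixed version-release from the advisory's package list (all four packages share it).
FIXED = "2.0.48-16.lba.9"
PACKAGES = ("httpd", "httpd-devel", "httpd-manual", "mod_ssl")

def _segments(s):
    # rpm compares maximal runs of digits or letters; other characters only separate.
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Simplified rpmvercmp: no epoch, tilde or caret handling."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def outdated(query_output, fixed=FIXED):
    """Return {package: installed} for advisory packages older than the fix."""
    stale = {}
    for line in query_output.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0] not in PACKAGES:
            continue
        name, installed = fields
        if evr_cmp(installed, fixed) < 0:
            stale[name] = installed
    return stale

# Constructed sample output, not taken from a real host.
SAMPLE = """\
httpd 2.0.48-16.lba.9
mod_ssl 2.0.48-16.lba.8
httpd-devel 2.0.48-16.lba.10
httpd-manual 2.0.48-15.lba.9
openssl 0.9.7a-1
"""
```

An empty result from `outdated()` means every listed package is at or above the fixed release; running Apache processes still need a restart to load the updated mod_ssl.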

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751

Copyright(c) 2001-2004 SOT
