Yellow Dog Linux Security Advisory: YDU-20030603-1
Terra Soft Security Team
yellowdog-updates@lists.terrasoftsolutions.com
Tue, 03 Jun 2003 19:00:25 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: httpd
Issue Date: Jun 03,2003
Priority: medium
Advisory ID: YDU-20030603-1
1. Topic:
Updated httpd packages are available.
2. Problem:
"A build system problem in Apache 2.0 through 2.0.45 allows remote
attackers
to cause a denial of access to authenticated content when a threaded
server is used. The Common Vulnerabilities and Exposures project
(cve.mitre.org)
has assigned the name CAN-2003-0189 to this issue.
All users of the Apache HTTP Web Server are advised to upgrade to the
applicable errata packages, which contain back-ported fixes correcting
these issues, and applied to Apache version 2.0.40.
After the errata packages are installed, restart the Web service by running
the following command:
/sbin/service httpd restart"
(From Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install httpd
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 3.0
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/httpd-2.0.40-21.3a.ppc.rpm
ppc/httpd-devel-2.0.40-21.3a.ppc.rpm
ppc/httpd-manual-2.0.40-21.3a.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 3.0]
341a114b02e856c12180a02b936803b4 SRPMS/httpd-2.0.40-21.3a.src.rpm
1219aa78fb6923f12af18401abd24ece ppc/httpd-2.0.40-21.3a.ppc.rpm
dc92d3c6efe89ece6d59d216b08a1af5 ppc/httpd-devel-2.0.40-21.3a.ppc.rpm
5a241f99fca2aa35d7d8253d0f102523 ppc/httpd-manual-2.0.40-21.3a.ppc.rpm
0326e81e2fbd21a779756947d4e1b9fc ppc/mod_ssl-2.0.40-21.3a.ppc.rpm
If you wish to verify that each package has not been corrupted or
tampered with,
examine the md5sum with the following command: md5sum <filename>
5. Misc.
Terra Soft has setup a moderated mailing list where these security,
bugfix, and package
enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml