Yellow Dog Linux Security Advisory: YDU-20030603-1

Terra Soft Security Team yellowdog-updates@lists.terrasoftsolutions.com
Tue, 03 Jun 2003 19:00:25 -0600


Yellow Dog Linux Security Announcement
--------------------------------------

Package:	httpd
Issue Date:	Jun 03, 2003
Priority:	medium
Advisory ID: 	YDU-20030603-1


1. 	Topic:

	Updated httpd packages are available.


2. 	Problem:
	
	"A build system problem in Apache 2.0 through 2.0.45 allows remote
	attackers to cause a denial of access to authenticated content when a
	threaded server is used. The Common Vulnerabilities and Exposures
	project (cve.mitre.org) has assigned the name CAN-2003-0189 to this
	issue.

	All users of the Apache HTTP Web Server are advised to upgrade to the
	applicable errata packages, which contain back-ported fixes correcting
	these issues, and applied to Apache version 2.0.40.

	After the errata packages are installed, restart the Web service by running
	the following command:

	/sbin/service httpd restart"
	
	(From Red Hat Advisory)
	

3. 	Solution:

    	a) Updating via apt...
    	We suggest that you use the apt-get program to keep your
    	system up-to-date. The following command(s) will retrieve
    	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install httpd

    	b) Updating manually...
    	Download the updates below and then run the following rpm command.
    	(Please use a mirror site)

		rpm -Fvh [filenames]

		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/httpd-2.0.40-21.3a.ppc.rpm
			ppc/httpd-devel-2.0.40-21.3a.ppc.rpm
			ppc/httpd-manual-2.0.40-21.3a.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
341a114b02e856c12180a02b936803b4  SRPMS/httpd-2.0.40-21.3a.src.rpm
1219aa78fb6923f12af18401abd24ece  ppc/httpd-2.0.40-21.3a.ppc.rpm
dc92d3c6efe89ece6d59d216b08a1af5  ppc/httpd-devel-2.0.40-21.3a.ppc.rpm
5a241f99fca2aa35d7d8253d0f102523  ppc/httpd-manual-2.0.40-21.3a.ppc.rpm
0326e81e2fbd21a779756947d4e1b9fc  ppc/mod_ssl-2.0.40-21.3a.ppc.rpm

If you wish to verify that each package has not been corrupted or
tampered with, examine the md5sum with the following command:
md5sum <filename>


5. Misc.

Terra Soft has set up a moderated mailing list where these security,
bugfix, and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml