From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:012 - apache
Date: Fri, 5 Apr 2002 19:49:07 +0100 (BST)

=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: apache
Summary: Security fix and version upgrade
Date: 2002-04-05
ID: ERISA-2002:012
=========================================================================

Problem description:

Versions of apache prior to 1.3.24 sometimes put invalid client hostnames
in the log file. The impact of the log file vulnerability is that a remote
attacker may deliberately exploit this issue to cause spoofed information
to be logged by the webserver.

(There was also a Win32-specific security hole which is fixed in the
source for this version, and not an issue to any Linux build.)

-------------------------------------------------------------------------

Updated packages:

064293233a4cffea7bceafc45444ee70  apache-1.3.24-1.src.rpm
edb61ac6fccc6e9ac43eca0affc3c0e5  apache-1.3.24-1.i386.rpm
20c2fc9e8cc6873d96928bef6871d526  apache-devel-1.3.24-1.i386.rpm
1df15ba8da3dd36263650481caff3698  apache-manual-1.3.24-1.i386.rpm
aa8df5631602b84fbf6db563b2d2d239  mod_ssl-2.8.8-1.i386.rpm

These packages supersede the packages released for ERISA-2002:006
(mod_ssl buffer overflow) and the older ones have been removed from the
FTP server.

-------------------------------------------------------------------------

References:

http://www.techhc.hwgn.net/modules.php?name=News&file=article&sid=62

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

--
Michael "Soruk" McConnell                         http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...

_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.
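
Added example, not part of the original advisory and not Eridani or Apache code: a check an administrator could run over a Common Log Format access log written by a pre-1.3.24 server, flagging entries whose client host field is neither an IP address nor a syntactically valid hostname. The validity rule (RFC 1123 label syntax), the function names and the sample lines are assumptions; the advisory does not say what form the invalid hostnames take.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; <= 63 chars.
# Assumption: "invalid" is treated here as "fails RFC 1123 hostname syntax".
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_client_host(host):
    """True if host is an IP literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    if not host or len(host) > 253:
        return False
    labels = host.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def suspicious_entries(lines):
    """Return (line_number, host) for entries whose first field fails validation."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        # In Common Log Format the client host is the first space-separated field.
        host = line.split(" ", 1)[0]
        if not is_valid_client_host(host):
            hits.append((number, host))
    return hits


# Constructed sample lines (not taken from a real log).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2002:19:49:07 +0100] "GET / HTTP/1.0" 200 1456',
    'client.example.org - - [05/Apr/2002:19:50:11 +0100] "GET /a HTTP/1.0" 200 512',
    'bad_host!.example - - [05/Apr/2002:19:51:30 +0100] "GET /b HTTP/1.0" 200 512',
    '-leading.example.net - - [05/Apr/2002:19:52:02 +0100] "GET /c HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for number, host in suspicious_entries(SAMPLE_LOG):
        print(f"line {number}: invalid client host field {host!r}")
```

A syntactically valid hostname in the log can still be spoofed, so entries that pass this check are not thereby trustworthy; the check only surfaces the malformed ones for review.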