Mandrake alert: Updated apache2 packages fix multiple vulnerabilities

Posted by dave on Aug 28, 2003 9:16 PM EDT

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:


                Mandrake Linux Security Update Advisory

Package name:           apache2
Advisory ID:            MDKSA-2003:075-1
Date:                   August 28th, 2003
Original Advisory Date: July 21st, 2003
Affected versions:      9.1

Problem Description:

 Several vulnerabilities were discovered in Apache 2.x versions prior to
 2.0.47.  From the Apache 2.0.47 release notes:

 Certain sequences of per-directory renegotiations and the
 SSLCipherSuite directive being used to upgrade from a weak ciphersuite
 to a strong one could result in the weak ciphersuite being used in
 place of the new one (CAN-2003-0192).

 Certain errors returned by accept() on rarely accessed ports could
 cause temporary Denial of Service due to a bug in the prefork MPM

 Denial of Service was caused when target host is IPv6 but FTP proxy
 server can't create IPv6 socket (CAN-2003-0254).

 The server would crash when going into an infinite loop due to too many
 subsequent internal redirects and nested subrequests (VU#379828).

 The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo
 for responsibly reporting these issues.

 To upgrade these apache packages, first stop Apache by issuing, as

   service httpd stop

 After the upgrade, restart Apache with:

   service httpd start

 The previously released packages had a manpage conflict between
 apache2-common and apache-1.3 that prevented both packages from being
 installed at the same time.  This update provides a fixed
 apache2-common package.
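
 An added example, not part of the advisory and not MandrakeSoft or Apache
 code: CAN-2003-0192 concerns configurations that raise the cipher suite
 per directory, so this Python script lists every SSLCipherSuite directive
 found inside a per-directory section of a configuration text. The sample
 configuration and the function name are constructed for illustration;
 Include'd files and .htaccess files are not followed.

```python
import re

# Sections whose directives apply per directory: mod_ssl enforces an
# SSLCipherSuite placed here by renegotiating after the request is read.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)\b[^>]*>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")
SUITE = re.compile(r"SSLCipherSuite\s+(\S+)", re.IGNORECASE)

def find_per_directory_suites(conf_text):
    """Return (line_no, enclosing_section, cipher_spec) for each
    SSLCipherSuite that sits inside a per-directory section."""
    stack, hits = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CLOSE.match(line)
        if m:  # leave the section only if it is the innermost open one
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:  # remember section name and its opening line
            stack.append((m.group(1).lower(), line))
            continue
        m = SUITE.match(line)
        if m:
            scope = next((s for s in reversed(stack) if s[0] in PER_DIR), None)
            if scope:
                hits.append((no, scope[1], m.group(1)))
    return hits

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
# constructed sample
SSLCipherSuite ALL:!ADH:+EXP
<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:+EXP
    <Directory "/var/www/html/secure">
        SSLCipherSuite HIGH:MEDIUM
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    for no, section, spec in find_per_directory_suites(SAMPLE):
        print(f"line {no}: {spec} inside {section}")
```

 Any hit marks a location that depends on renegotiation to reach its
 stronger suite and therefore on the fix shipped in 2.0.47.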


Updated Packages:
 Mandrake Linux 9.1:
 3102c711e9c801009e54cb3b1ea89c11  9.1/RPMS/apache2-common-2.0.47-1.2mdk.i586.rpm
 121bf6143709f1e6261bc041230e1b85  9.1/SRPMS/apache2-2.0.47-1.2mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 dc55704a8c82e088d95958ef31b38925  ppc/9.1/RPMS/apache2-common-2.0.47-1.2mdk.ppc.rpm
 121bf6143709f1e6261bc041230e1b85  ppc/9.1/SRPMS/apache2-2.0.47-1.2mdk.src.rpm

Bug IDs fixed (see for more information):

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver <keyserver> 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to

You can view other update advisories for Mandrake Linux at:

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by

If you want to report vulnerabilities, please contact

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team