Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Gentoo: 200310-04 Moderate: Apache Buffer Overflow Exploit

gentoo
Calendar Grey October 31, 2003
Dist Gentoo Esm H88
Gentoo Linux users should update net-www/apache to resolve buffer overflow issues in mod_alias and mod_rewrite modules.
A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured.

Summary


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200310-04 - ---------------------------------------------------------------------------
GENTOO BUG : 32271 – New ebuild needed for apache-2.0.48 which has 2 security fixes
- ---------------------------------------------------------------------------
Quote from < >:
This version of Apache is principally a bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.48 addresses two security vulnerabilities:
mod_cgid mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used. [CAN-2003-0789]
A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured. [CAN-2003-0542]
This release is compatible with mo...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

PACKAGE : net-www/apache
SUMMARY : buffer overflow
DATE : Fri Oct 31 07:59:00 UTC 2003
EXPLOIT : local
VERSIONS AFFECTED : =apache-2.0.48
CVE : CAN-2003-0789 CAN-2003-0542

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround