Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Critical Advisory RHSA-2004:600-01 for Apache Buffer Overflow on RHEL 2.1

red hat
Calendar Grey December 13, 2004
Dist Redhat Esm H88
New versions of apache and mod_ssl have been rolled out for Red Hat users, addressing various vulnerabilities and improving functionality.
Updated apache and mod_ssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

131360 - RHEL 2.1 mod_ssl missing shmht fixes 134826 - CAN-2004-0885 SSLCipherSuite bypass 137417 - CAN-2004-0940 mod_include local escalation 137419 - CAN-2003-0987 mod_digest nonce checking flaw

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: 5e3bb05b7fd122692c703411a5d17ab9 apache-1.3.27-9.ent.src.rpm bbbc409c5a12a379f48ce0ebb85e2f01 mod_ssl-2.8.12-7.src.rpm

i386: 66d324070e1da4bd12d85ae3dec757c6 apache-1.3.27-9.ent.i386.rpm b18ee6322e54c318ea8dadbd2e9daf5a apache-devel-1.3.27-9.ent.i386.rpm 9870a429161d6e023ed6cbf15d63d37c apache-manual-1.3.27-9.ent.i386.rpm 0f4fd06fa3a1e53ed59462514a4e9756 mod_ssl-2.8.12-7.i386.rpm

ia64: 5605186178e4162ebc88f9b1f44481ab apache-1.3.27-9.ent.ia64.rpm 63bf0814fca717f6c47ee9cc24cc6e75 apache-devel-1.3.27-9.ent.ia64.rpm 3b537044378bc27844281897cb4b764d apache-manual-1.3.27-9.ent.ia64.rpm aa9a679d0ababfedc0e3916eae197be2 mod_ssl-2.8.12-7.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: 5e3bb05b7fd122692c703411a5d17ab9 apache-1.3.27-9.ent.src.rpm bbbc409c5a12a379f48ce0ebb85e2f01 mod_ssl-2.8.12-7.src.rpm

ia64: 5605186178e4162ebc88f9b1f44481ab apache-1.3.27-9.ent.ia64.rpm 63bf0814fca717f6c47ee9cc24cc6e75 apache-devel-1.3.27-9.ent.ia64.rpm 3b537044378bc27844281897cb4b764d apache-manual-1.3.27-9.ent.ia64.rpm aa9a679d0ababfedc0e3916eae197be2 mod_ssl-2.8.12-7.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: 5e3bb05b7fd122692c703411a5d17ab9 apache-1.3.27-9.ent.src.rpm bbbc409c5a12a379f48ce0ebb85e2f01 mod_ssl-2.8.12-7.src.rpm

i386: 66d324070e1da4bd12d85ae3dec757c6 apache-1.3.27-9.ent.i386.rpm b18ee6322e54c318ea8dadbd2e9daf5a apache-devel-1.3.27-9.ent.i386.rpm 9870a429161d6e023ed6cbf15d63d37c apache-manual-1.3.27-9.ent.i386.rpm 0f4fd06fa3a1e53ed59462514a4e9756 mod_ssl-2.8.12-7.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: 5e3bb05b7fd122692c703411a5d17ab9 apache-1.3.27-9.ent.src.rpm bbbc409c5a12a379f48ce0ebb85e2f01 mod_ssl-2.8.12-7.src.rpm

i386: 66d324070e1da4bd12d85ae3dec757c6 apache-1.3.27-9.ent.i386.rpm b18ee6322e54c318ea8dadbd2e9daf5a apache-devel-1.3.27-9.ent.i386.rpm 9870a429161d6e023ed6cbf15d63d37c apache-manual-1.3.27-9.ent.i386.rpm 0f4fd06fa3a1e53ed59462514a4e9756 mod_ssl-2.8.12-7.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

Summary

Topics%20covered

Topics Covered

security advisory Red Hat buffer overflow critical apache mod_ssl replay attack

References

https://www.cve.org/CVERecord?id=CAN-2004-0885 https://www.cve.org/CVERecord?id=CAN-2004-0940 https://www.cve.org/CVERecord?id=CAN-2003-0987

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2004:600-01
Advisory URL: https://access.redhat.com/errata/RHSA-2004:600.html
Issue date: 2004-12-13
Updated on: 2004-12-13
Product: Red Hat Enterprise Linux

Topic

Topics%20covered

Topics Covered

security advisory Red Hat buffer overflow critical apache mod_ssl replay attack

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here