---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated apache, php, mod_perl, and auth_ldap packages available.
Advisory ID:       RHSA-2000:088-05
Issue date:        2000-10-18
Updated on:        2000-11-27
Product:           Red Hat Linux
Keywords:          apache mod_rewrite format string virtual host
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Updated apache, php, mod_perl, and auth_ldap packages are now available for
Red Hat Linux 5.2, 6.0, 6.1, 6.2, and 7.

2000-11-27: Added packages for Red Hat Linux 7 for Alpha

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 7.0 - i386, alpha

3. Problem description:

A vulnerability in the mod_rewrite module and vulnerabilities in the
virtual hosting facility in versions of Apache prior to 1.3.14 may allow
attackers to view files on the server which are meant to be inaccessible.
Format string vulnerabilities have been found in PHP versions 3 and 4.

Because upgrading to Apache 1.3.14 creates binary incompatibilities with
web server modules built against older versions of Apache, the remaining
RPMs listed here must be upgraded as well.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Users of Red Hat Linux 6.0 and 6.1 will need to manually install the
apache-manual-1.3.14-1.6.2 package by running:

rpm -Uvh [filename]

No vendor fixes are available for any vulnerabilities which may be present
in the phpfi package included with Red Hat Linux 5.2 and 6.x.  Users are
urged to uninstall the package by running:

rpm -e phpfi

5. Bug IDs fixed  ( for more info):

18881 - mod_rewrite bug allows access despite deny/allow filters
18965 - PHP remote format string vulnerabilities
19203 - New mysql packages breaks php with apache


6. RPMs required:

Red Hat Linux 5.2:

alpha:
sparc:
i386:
sources:

Red Hat Linux 6.2:

alpha:
sparc:
i386:
sources:

Red Hat Linux 7.0:

alpha:
i386:
sources:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
df41190a206067dcb897cf08adc87b0d  5.2/SRPMS/apache-1.3.14-2.5.x.src.rpm
e4f9d3a172651de8bf51e82d0899a4f5  5.2/SRPMS/mod_perl-1.19-2.src.rpm
13e2403401812f5b4eec8ac8b7f866ff  5.2/SRPMS/php-3.0.17-1.5.x.src.rpm
517170fbf13f1f096e68da9d1e0cc4f4  5.2/alpha/apache-1.3.14-2.5.x.alpha.rpm
d402ae6a56609910c7940f3b836451df  5.2/alpha/apache-devel-1.3.14-2.5.x.alpha.rpm
68fd20e06f04131e1387314d102bae92  5.2/alpha/mod_perl-1.19-2.alpha.rpm
54bc62a008a60df77ce77f5e0cda873b  5.2/alpha/php-3.0.17-1.5.x.alpha.rpm
4cccb9bb1a76114670400401bf374a86  5.2/alpha/php-manual-3.0.17-1.5.x.alpha.rpm
3c2fdd01baa590739b1d5e71b6d02675  5.2/alpha/php-pgsql-3.0.17-1.5.x.alpha.rpm
36f489a538e44e7d2bc305807ed08405  5.2/i386/apache-1.3.14-2.5.x.i386.rpm
b83959d1952baa3bfc6b9ba07114c433  5.2/i386/apache-devel-1.3.14-2.5.x.i386.rpm
1aa083e13c19f0fae9bbd07fadae5ea5  5.2/i386/mod_perl-1.19-2.i386.rpm
ba0866d9cfd0abad21639ec969633c4c  5.2/i386/php-3.0.17-1.5.x.i386.rpm
807782b7bac638533b562f95eb0de247  5.2/i386/php-manual-3.0.17-1.5.x.i386.rpm
fedf34da25d898a31a24d25ade384650  5.2/i386/php-pgsql-3.0.17-1.5.x.i386.rpm
d77722cee125faf00fc0b82da5a4a90b  5.2/sparc/apache-1.3.14-2.5.x.sparc.rpm
7920d5a2fd684d7e3fa0bc1b2f0a7cfd  5.2/sparc/apache-devel-1.3.14-2.5.x.sparc.rpm
a8fc90d73b51006f641a355d864b361c  5.2/sparc/mod_perl-1.19-2.sparc.rpm
690d2cc9499437923a1ada5df70a0b33  5.2/sparc/php-3.0.17-1.5.x.sparc.rpm
405b9044b23c9f619f7ed8feec86efd0  5.2/sparc/php-manual-3.0.17-1.5.x.sparc.rpm
9d3097d4af4d526c716456ffdb731413  5.2/sparc/php-pgsql-3.0.17-1.5.x.sparc.rpm
a5effcd6e850154541b38e64b9ee5e4e  6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
48c4f91c4c40342a51ef378c5f64f864  6.2/SRPMS/auth_ldap-1.4.0-3.src.rpm
54b94ee28f0b82a73f689e1c13b0784c  6.2/SRPMS/mod_perl-1.23-3.src.rpm
d9afb78c66171faca081f2fdcbea261a  6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
45b1d2625571c3a566545cc4f1a863b0  6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
16dc43f3fb474e60a43668ccc78c099e  6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
733d9648c3a7a832f3bac28a18153594  6.2/alpha/auth_ldap-1.4.0-3.alpha.rpm
8c2419a3fd55318fb9a62edab5a91e9b  6.2/alpha/mod_perl-1.23-3.alpha.rpm
1f968d559a5ce71e429859c8b81ffdb5  6.2/i386/apache-1.3.14-2.6.2.i386.rpm
bb3c78ab90942ed4259fe6fe11bd4101  6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
5c4b8793cf47175a54d2d51ac1ac1508  6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
551b45464efc5c8f471993f8360040a5  6.2/i386/auth_ldap-1.4.0-3.i386.rpm
d4ba84c07ce740e8e185866dc5cee5dd  6.2/i386/mod_perl-1.23-3.i386.rpm
597bbaa612e5b07e248a2f9a62eab0a1  6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
7a1c02fbee1451b8fd73d8629f3c25a3  6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
70bbeed9f84a6a730a907f26a90878a2  6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
7deccfc223e8081306f99bb64ed087c3  6.2/sparc/auth_ldap-1.4.0-3.sparc.rpm
0476d641548a2369635aabb7c093b177  6.2/sparc/mod_perl-1.23-3.sparc.rpm
1066b83f9753a657222e8b962f9c4bde  7.0/SRPMS/apache-1.3.14-3.src.rpm
ea87dea6a65416332fe990ac81b6b201  7.0/SRPMS/php-4.0.3pl1-1.src.rpm
aec2c14482779fe75d1e50bbd90cd9f4  7.0/alpha/apache-1.3.14-3.alpha.rpm
180ae715371746e3b297ee874d81b51a  7.0/alpha/apache-devel-1.3.14-3.alpha.rpm
2d75a75dd886a8eed0e24a93e4ce5461  7.0/alpha/apache-manual-1.3.14-3.alpha.rpm
a6ab4c8fba2cf8d65a4a79d78a48127a  7.0/alpha/mod_php-4.0.3pl1-1.alpha.rpm
d13f857ee164be0e971c3246e4afb623  7.0/alpha/mod_ssl-2.7.1-3.alpha.rpm
c119952c9d98d126f4cf8b5d2c709736  7.0/alpha/php-4.0.3pl1-1.alpha.rpm
1b546a6f8526a494cc8bb49b51133539  7.0/alpha/php-imap-4.0.3pl1-1.alpha.rpm
ed0329c9827a4e454249564d452101e7  7.0/alpha/php-ldap-4.0.3pl1-1.alpha.rpm
0aa9d2933f961269a28ada491b300a72  7.0/alpha/php-manual-4.0.3pl1-1.alpha.rpm
8dc0f5b84c6df6fb57d1d9394a7b7ca6  7.0/alpha/php-mysql-4.0.3pl1-1.alpha.rpm
db28f5c7ea3217ec21452e330facaa97  7.0/alpha/php-pgsql-4.0.3pl1-1.alpha.rpm
683e6b5719b2b2b08e415be4cd0fcd77  7.0/i386/apache-1.3.14-3.i386.rpm
80707bdf583dafaf489df27a50abc34d  7.0/i386/apache-devel-1.3.14-3.i386.rpm
24aea071ebbdc20e5261c90be1920f86  7.0/i386/apache-manual-1.3.14-3.i386.rpm
01e7bc2e663ed4321f682f78ab6583b5  7.0/i386/mod_php-4.0.3pl1-1.i386.rpm
ef677d9bb9fde13420facd69bfa682a6  7.0/i386/mod_ssl-2.7.1-3.i386.rpm
4af5925b890178d02aa56fc739fdbf88  7.0/i386/php-4.0.3pl1-1.i386.rpm
29576298d7a54a98386a767dccb4f2df  7.0/i386/php-imap-4.0.3pl1-1.i386.rpm
68995fab457f0256852bd68e522c484c  7.0/i386/php-ldap-4.0.3pl1-1.i386.rpm
03a1cfe5665bae3f994fc08b62fe7e1b  7.0/i386/php-manual-4.0.3pl1-1.i386.rpm
1e63695b8f3b87ed72a04d1f94c3eced  7.0/i386/php-mysql-4.0.3pl1-1.i386.rpm
cd0c40cac3bdb68fae1ca596cd31f819  7.0/i386/php-pgsql-4.0.3pl1-1.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     
You can verify each package with the following command:
    rpm --checksig [filename]

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg [filename]
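The verification and installation steps above (sections 4 and 7) can be scripted so that nothing is installed until every downloaded RPM matches the advisory's MD5 table and carries a valid Red Hat signature. The script below is an added example, not Red Hat's own tooling. It assumes the RPMs have been downloaded into one directory, that md5sum(1) from coreutils is available, and that Red Hat's public key has already been imported so that rpm --checksig can check signatures; the ADVISORY_MD5S excerpt is copied from the 7.0/i386 rows of the table above.

```shell
#!/bin/sh
# Added example for this advisory (not Red Hat's own script): check downloaded
# RPMs against the MD5 table in section 7 and against Red Hat's GPG signature
# before applying the "rpm -Fvh" step from section 4.
# Assumptions: the RPM files sit in one directory, md5sum(1) is available, and
# Red Hat's public key has been imported so that rpm --checksig can verify.

# Excerpt of the section 7 table (7.0/i386 rows), in the advisory's own
# "<md5>  <path>" layout.
ADVISORY_MD5S='683e6b5719b2b2b08e415be4cd0fcd77  7.0/i386/apache-1.3.14-3.i386.rpm
80707bdf583dafaf489df27a50abc34d  7.0/i386/apache-devel-1.3.14-3.i386.rpm
01e7bc2e663ed4321f682f78ab6583b5  7.0/i386/mod_php-4.0.3pl1-1.i386.rpm
4af5925b890178d02aa56fc739fdbf88  7.0/i386/php-4.0.3pl1-1.i386.rpm'

# md5_of FILE: print the MD5 hex digest of FILE.
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# check_md5 EXPECTED FILE: succeed only when FILE hashes to EXPECTED.
check_md5() {
    [ "$(md5_of "$2")" = "$1" ]
}

# verify_table TABLE DIR: compare every "<md5>  <path>" line of TABLE with the
# file of the same basename in DIR. Prints one status line per package and
# returns the number of packages that are missing or mismatched (0 = all good).
verify_table() {
    table="$1"
    dir="$2"
    failures=0
    while read -r expected path; do
        [ -n "$expected" ] || continue      # skip blank lines
        file="$dir/${path##*/}"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            failures=$((failures + 1))
        elif check_md5 "$expected" "$file"; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $(md5_of "$file"))"
            failures=$((failures + 1))
        fi
    done <<EOF
$table
EOF
    return "$failures"
}

# verify_signatures DIR: run the advisory's "rpm --checksig" on every RPM in DIR.
# The MD5 table only shows the file is the one the advisory lists; the GPG
# signature is what ties it to Red Hat, so both checks are required.
verify_signatures() {
    for f in "$1"/*.rpm; do
        [ -f "$f" ] || continue
        rpm --checksig "$f" || return 1
    done
}

# upgrade_if_verified DIR: the section 4 "rpm -Fvh" step, gated on both checks.
upgrade_if_verified() {
    verify_table "$ADVISORY_MD5S" "$1" && verify_signatures "$1" || {
        echo "verification failed; not installing" >&2
        return 1
    }
    rpm -Fvh "$1"/*.rpm
}

# Stand-alone run: report on the current directory without installing anything.
if verify_table "$ADVISORY_MD5S" .; then
    echo "all listed packages present and matching"
else
    echo "some listed package(s) missing or mismatched" >&2
fi
```

Run the script from the directory holding the downloaded RPMs to get one OK, MISSING or MISMATCH line per package; call `upgrade_if_verified .` only after that report is clean, since it refuses to run `rpm -Fvh` when either the MD5 comparison or the signature check fails.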

8. References:
Copyright(c) 2000 Red Hat, Inc.
