[Frugalware-security] [ FSA-237 ] apache

vmiklos noreply at frugalware.org
Tue Aug 7 00:52:51 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-237

Date: 2007-08-07
Package: apache
Vulnerable versions: <= 2.2.4-1
Unaffected versions: >= 2.2.4-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2298
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304

Description
===========

Several vulnerabilities have been acknowledged in Apache. They can be exploited by malicious local users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks.

1) An error in the mod_status module can be exploited by malicious people to conduct cross-site scripting attacks.
2) An error in the Multi-Processing Module (MPM) can be exploited by malicious local users to cause a DoS.
3) An error in the mod_cache module's handling of Cache-Control headers can be exploited to crash the child process via specially crafted requests. This could lead to a DoS when a threaded Multi-Processing Module is in use.

Updated Packages
================

Check if you have apache installed:

	# pacman-g2 -Q apache

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy apache

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGt6ZDZ7NElSD1VhkRAsmCAJ99duiYaH7wR1h+8oQYj5SN0h78XwCfbVBw
DSEiNOxclj38IMV6kchGfAw=
=TSTQ
-----END PGP SIGNATURE-----

