[Savannah-hackers] address@hidden: [SECURITY] [DSA-131-2] Apache chunk h

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] address@hidden: [SECURITY] [DSA-131-2] Apache chunk h

From:	Mark H. Weaver
Subject:	[Savannah-hackers] address@hidden: [SECURITY] [DSA-131-2] Apache chunk handling vulnerability, update]
Date:	Wed, 19 Jun 2002 14:43:30 -0400

------- Start of forwarded message -------
X-Envelope-Sender: address@hidden
Date: Wed, 19 Jun 2002 14:22:25 +0200
From: Wichert Akkerman <address@hidden>
To: address@hidden
Mail-Followup-To: address@hidden
Content-Disposition: inline
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA-131-2] Apache chunk handling vulnerability, update
Priority: urgent
Reply-To: address@hidden
X-Spam-Status: No, hits=-5.0 required=4.7 tests=PGP_SIGNATURE version=2.01
Resent-From: address@hidden
X-Mailing-List: <address@hidden> 
X-Loop: address@hidden
Resent-Sender: address@hidden
Resent-Bcc:

- -----BEGIN PGP SIGNED MESSAGE-----

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-131-2                   address@hidden
http://www.debian.org/security/                         Wichert Akkerman
June 19, 2002
- - ------------------------------------------------------------------------


Package        : apache
Problem type   : remote DoS / exploit
Debian-specific: no
CVE name       : CAN-2002-0392
CERT advisory  : VU#944335

The DSA-131-1 advisory for the Apache chunk handling vulnerability
contained an error and was missing some essential information:

* The upstream fix was for the 1.3 series was made in version 1.3.26,
  not version 1.3.16 as the advisory incorrectly stated

* The package upgrade does not restart the apache server automatically,
  this will have to be done manually. Please make sure your
  configuration is correct ("apachectl configtest" will verify that for
  you) and restart it using "/etc/init.d/apache restart"

For details on the vulnerability and the updated packages please see
the original advisory or visit the Debian security web-pages (available
at http://www.debian.org/security/).

- - -- 
- - ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: address@hidden

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPRB3fajZR/ntlUftAQFOVwMAt2VnafXPwdKgXNfaAU/mHFa3jSOIMgZv
08v2Ul4LP1eD5FvqGl3lqmxSc9bEOwrCbUG8LWO+Jbl/YNjSuBofi5DzLGhIlD/q
UYVQn9Zvnr71d43qJ2Zwy9bltxl67Y8R
=8J1R
- -----END PGP SIGNATURE-----


- -- 
To UNSUBSCRIBE, email to address@hidden
with a subject of "unsubscribe". Trouble? Contact address@hidden
------- End of forwarded message -------

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers] address@hidden: [SECURITY] [DSA-131-2] Apache chunk handling vulnerability, update], Mark H. Weaver <=

Prev by Date: [Savannah-hackers] savannah.gnu.org: submission of LinJewel
Next by Date: [Savannah-hackers] address@hidden: [SECURITY] [DSA-132-1] apache-ssl chunk handling vulnerability]
Previous by thread: [Savannah-hackers] savannah.gnu.org: submission of LinJewel
Next by thread: [Savannah-hackers] address@hidden: [SECURITY] [DSA-132-1] apache-ssl chunk handling vulnerability]
Index(es):
- Date
- Thread