Date: Tue, 30 Mar 2004 16:24:59 +0200
From: Trustix Security Advisor <[email protected]>
To: [email protected]Subject: TSLSA-2004-0017 - apache
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0017
Package name: apache
Summary: new upstream
Date: 2004-03-30
Affected versions: Trustix 2.1
- --------------------------------------------------------------------------
Package description:
Apache is a full featured web server that is freely available, and also
happens to be the most widely used.Built with loadable modules (all standard
modules enabled). This verion is intended as a replacement for a standard
apache, the configuration files provided with apache and apache-ssl are
unchanged.
Problem description:
The new upstream version of apache addresses several security issues:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Public testing:
Most updates for Trustix are made available for public testing some time
before release.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailinglist.
The testing tree is located at
<URI:http://tsldev.trustix.org/horizon/>
You may also use swup for public testing of updates:
site {
class = 0
location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
regexp = ".*"
}
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.0/> and
<URI:http://www.trustix.org/errata/trustix-2.1/>
or directly at
<URI:http://www.trustix.org/errata/misc/2004/TSL-2004-0017-apache.asc.txt>
MD5sums of the packages:
- --------------------------------------------------------------------------
2f8cb6185125538096f5294dd73fcfdf 2.1/rpms/apache-2.0.49-2tr.i586.rpm
d4a92784e59270f8213b10ec47150ec4 2.1/rpms/apache-dbm-2.0.49-2tr.i586.rpm
1f0cba7667cbd4c0e235f056aff03df2 2.1/rpms/apache-devel-2.0.49-2tr.i586.rpm
65c9b7530f0d7e9ba38e7a0d8d106083 2.1/rpms/apache-manual-2.0.49-2tr.i586.rpm
3f1efb8f665de116a06b9ebb780e81cb 2.0/rpms/apache-2.0.49-1tr.i586.rpm
64ab42919cdef6ede9d4efc9c82df2e5 2.0/rpms/apache-devel-2.0.49-1tr.i586.rpm
f40a03994d7140311cf2e5fe714bc410 2.0/rpms/apache-manual-2.0.49-1tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFAaXuvi8CEzsK9IksRAq5CAKCp6Wnz4BmOLfwSqYFU5BDedt5d1wCgo8mn
ZYNT+qxDVYQ4vOZvo/pQ040=
=hqpX
-----END PGP SIGNATURE-----