The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


TSLSA-2004-0049 - apache


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 23 Sep 2004 16:21:17 +0200
From: Trustix Security Advisor <[email protected]>
To: [email protected]
Subject: TSLSA-2004-0049 - apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0049

Package name:      apache
Summary:           authentication bypass
Date:              2004-09-23
Affected versions: Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.


Problem description:
  An error with the merging of the Satisfy directive in apache 2.0.51 could
  allow protected pages to be viewed without requiring authentication.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0811 to this issue.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>;
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>;


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>;


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>;

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.0/>; and
  <URI:http://www.trustix.org/errata/trustix-2.1/>;
  or directly at
  <URI:http://www.trustix.org/errata/2004/0049/>;


MD5sums of the packages:
- --------------------------------------------------------------------------
392f114b84556c4cbaeb5beda3020fc4  2.0/rpms/apache-2.0.51-0.2tr.i586.rpm
f1e7c48e8a2f478579f74e4592d9cb12  2.0/rpms/apache-devel-2.0.51-0.2tr.i586.rpm
4877783d9c9bd4ee8950a2062dd896dc  2.0/rpms/apache-manual-2.0.51-0.2tr.i586.rpm

71ec09e634bfe5e384e480775b52c60e  2.1/rpms/apache-2.0.51-2tr.i586.rpm
4eba9c306a8199dd5db61a7965763feb  2.1/rpms/apache-dbm-2.0.51-2tr.i586.rpm
8fb2b4c69ec7b5a748e6b65b3c74c81a  2.1/rpms/apache-devel-2.0.51-2tr.i586.rpm
5367c5b99520b10af9362b4fb97ec90f  2.1/rpms/apache-manual-2.0.51-2tr.i586.rpm

d11c89fe15f044bc0a01d62b6866401c  e-2/apache-2.0.51-2tr.i586.rpm
94455cc43cbb38f98d23c2a1a97ec2a7  e-2/apache-dbm-2.0.51-2tr.i586.rpm
34adefed998ef4be116f46366889de0e  e-2/apache-devel-2.0.51-2tr.i586.rpm
8ca73789cde55011eb89bab7b5100709  e-2/apache-manual-2.0.51-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBUtnEi8CEzsK9IksRAvdXAKC0lcZ2BaKcGnS/eibd3KF4LJ0USwCffc8M
HW/K9gowB9NPRhsCyHiTbIk=
=yQ9B
-----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру