Re: fedora-legacy-list digest, Vol 1 #74 - 24 msgs

[John Dalbec <jpdalbec ysu edu>]

> Date: Tue, 27 Jan 2004 12:12:32 -0500 (EST)
> From: John Jasen <jjasen realityfailure org>
> To: fedora-legacy-list redhat com
> Subject: apache httpd and slocate
> Reply-To: fedora-legacy-list redhat com
>
>
> slocate: https://rhn.redhat.com/errata/RHSA-2004-041.html
>
> Looks liked 7.x and above might be affected?
>
> httpd: https://rhn.redhat.com/errata/RHSA-2003-320.html
>
> Looks like 8 and above?

That's my take on it.  It looks like 7.3 is already fixed, anyway.

"An issue in the handling of regular expressions from configuration files
was discovered in releases of the Apache HTTP Server version 2.0 prior to
2.0.48. [...] The Common Vulnerabilities and Exposures project (cve.mitre.org) 
has assigned the name CAN-2003-0542 to this issue."

$ cat /etc/redhat-release
Red Hat Linux release 7.3 (Valhalla)
$ rpm -q apache
apache-1.3.27-4
$ rpm -q --changelog apache | head
* Thu Nov 13 2003 Joe Orton <jorton redhat com> 1.3.27-4

- add security fix for CVE CAN-2003-0542

* Tue Aug 26 2003 Joe Orton <jorton redhat com> 1.3.27-3

- add security fixes for CVE CAN-2003-0020, CERT VU#379828
- add bug fixes for #60281

* Wed Oct 23 2002 Nalin Dahyabhai <nalin redhat com> 1.3.27-2
$

"A bug in the CGI daemon-based 'mod_cgid' module was discovered that can
result in CGI script output being sent to the wrong client."

$ ls -l /etc/httpd/modules/mod_cgid.so
ls: /etc/httpd/modules/mod_cgid.so: No such file or directory
$ ls -l /etc/httpd/modules/mod_cgi*.so
-rwxr-xr-x    1 root     root        14940 Dec 10 05:05 
/etc/httpd/modules/mod_cgi.so
$