fedora-legacy-list digest, Vol 1 #74 - 24 msgs

John Dalbec jpdalbec at ysu.edu
Wed Jan 28 18:26:17 UTC 2004


> Date: Tue, 27 Jan 2004 12:12:32 -0500 (EST)
> From: John Jasen <jjasen at realityfailure.org>
> To: fedora-legacy-list at redhat.com
> Subject: apache httpd and slocate
> Reply-To: fedora-legacy-list at redhat.com
> 
> 
> slocate: https://rhn.redhat.com/errata/RHSA-2004-041.html
> 
> Looks liked 7.x and above might be affected?
> 
> httpd: https://rhn.redhat.com/errata/RHSA-2003-320.html
> 
> Looks like 8 and above?

That's my take on it.  It looks like 7.3 is already fixed, anyway.

"An issue in the handling of regular expressions from configuration files
was discovered in releases of the Apache HTTP Server version 2.0 prior to
2.0.48. [...] The Common Vulnerabilities and Exposures project (cve.mitre.org) 
has assigned the name CAN-2003-0542 to this issue."

$ cat /etc/redhat-release
Red Hat Linux release 7.3 (Valhalla)
$ rpm -q apache
apache-1.3.27-4
$ rpm -q --changelog apache | head
* Thu Nov 13 2003 Joe Orton <jorton at redhat.com> 1.3.27-4

- add security fix for CVE CAN-2003-0542

* Tue Aug 26 2003 Joe Orton <jorton at redhat.com> 1.3.27-3

- add security fixes for CVE CAN-2003-0020, CERT VU#379828
- add bug fixes for #60281

* Wed Oct 23 2002 Nalin Dahyabhai <nalin at redhat.com> 1.3.27-2
$

"A bug in the CGI daemon-based 'mod_cgid' module was discovered that can
result in CGI script output being sent to the wrong client."

$ ls -l /etc/httpd/modules/mod_cgid.so
ls: /etc/httpd/modules/mod_cgid.so: No such file or directory
$ ls -l /etc/httpd/modules/mod_cgi*.so
-rwxr-xr-x    1 root     root        14940 Dec 10 05:05 
/etc/httpd/modules/mod_cgi.so
$






More information about the fedora-legacy-list mailing list