
Apache Web Server Multiple Module Local Buffer Overflow Vulnerability

Solution:
It has been reported that Apache version 1.3.29 is not prone to this issue. Users are advised to download the fixed version of the software.

Sun has released an updated advisory 57496 to address this issue in Solaris. Fixes have been made available. Please see the referenced advisory for further details regarding obtaining and applying appropriate patches.

Turbolinux have released a security advisory (TLSA-2004-10) and updates to address this issue in Turbolinux products. Users are advised to apply these updates as soon as possible. Further details regarding obtaining and installing these updates can be found in the referenced advisory.

Sun have released a security update to address this issue in the RAQ XTR. Please see the references section for further details. A fix is linked below.

Conectiva have released an advisory (CLA-2003:775) and fixes to address this issue for Conectiva Linux. Affected users are advised to apply upgrades as soon as possible. Further information regarding obtaining and applying these upgrades is available in the referenced advisory.

Slackware has released an advisory (SSA:2003-308-01) that includes fixes to address this issue. Please see the attached advisory for details on applying fixes. Fixes are linked below.

Gentoo has released an advisory (200310-04) to address this issue. Affected users are advised to upgrade using the following procedure:
emerge sync
emerge '>=net-www/apache-2.0.48'
emerge clean

Gentoo also released an advisory (200310-04) for Apache 1.3.x to address this issue. Fixes may be applied with the following commands:
emerge sync
emerge -pv apache
emerge '>=net-www/apache-1.3.29'
emerge clean
/etc/init.d/apache restart

Further information regarding the application of this upgrade can be found in the referenced advisory.

OpenPKG has released an advisory with fixes to address this issue. Please see the referenced advisory for more information.

An advisory for Immunix OS 7+ was released that provides Apache updates to address this issue.

OpenBSD has released patches to address this issue in releases 3.3 and 3.4. Users are advised to upgrade as soon as possible.

Mandrake has released an advisory (MDKSA-2003:103) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Guardian Digital has released an advisory (ESA-20031105-030) to address this issue for EnGarde Secure Linux. Fixes may be obtained via the Guardian Digital WebTool. Please see the attached advisory for further details.

SCO has released security advisory CSSA-2003-SCO.28 with fixes to address this issue in OpenServer 5.0.5 through 5.0.7.

Apache has released version 2.0.48 which addresses these issues. Users are advised to upgrade as soon as possible.

Trustix has released security advisory 2003-0041 with fixes to address this issue.

HP has released security advisory HPSBUX0311-301 with fixes to address this issue. Affected users are advised to apply upgrades as soon as possible. Further information regarding obtaining and applying these upgrades is available in the referenced advisory.

A revised HP advisory has been released to address this issue.

RedHat has released advisories RHSA-2003:360-08, RHSA-2003:320-01, and RHSA-2003:405-00 with fixes to address this issue. Please see the referenced advisory for more information.

SGI has released advisory 20031203-01-U to address this issue.

HP has issued fixes for VirtualVault 4.5, 4.6 and 4.7 as well as Webproxy 2.0 and 2.1 on VVOS 11.04. See advisory HPSBUX0401-305 in the reference section.

RedHat has released advisory FEDORA-2003-004 to fix this issue in Fedora. Please see the attached advisory for more details.

Sun has released fixes for Qube3 and RaQ4 systems.

Apple has released advisory 2004-01-26 to fix this issue in Mac OS X 10.1.x-10.3.x client and server.

Sun has released advisory 57496 to address this issue in Solaris. Fixes have been made available.

SGI has released advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below:

RedHat has released advisory RHSA-2004:139-05 to address this and other issues. Please see the advisory in web references for more information.

IBM has released the PQ85834 cumulative fix to address this issue in IBM HTTP Server 2.0.42.2 and IBM HTTP Server 2.0.47. Please see the referenced site in web references for more information.

SCO has released security advisory SCOSA-2004.6 with fixes to address these issues in UnixWare 7.1.3, Open UNIX 8.0.0 and UnixWare 7.1.1. Please see the referenced advisory for more information.

HP has released security advisory HPSBUX01098 along with fix information regarding this issue. Please see the referenced advisory for more information.

RedHat has released advisory RHSA-2005:816-10 to address this issue for RedHat Stronghold for Enterprise Linux. Please see the referenced advisory for further information on obtaining fixes.


Slackware Linux -current

Sun Solaris 8

RedHat Fedora Core1

Sun Cobalt RaQ XTR

Sun Solaris 8_x86

Apache Software Foundation Apache 1.3

Apache Software Foundation Apache 1.3.1

Apache Software Foundation Apache 1.3.11

Apache Software Foundation Apache 1.3.12

Apache Software Foundation Apache 1.3.14

Apache Software Foundation Apache 1.3.17

Apache Software Foundation Apache 1.3.18

Apache Software Foundation Apache 1.3.19

Apache Software Foundation Apache 1.3.20

Apache Software Foundation Apache 1.3.22

Apache Software Foundation Apache 1.3.23

Apache Software Foundation Apache 1.3.24

Apache Software Foundation Apache 1.3.25

Apache Software Foundation Apache 1.3.26

Apache Software Foundation Apache 1.3.27

Apache Software Foundation Apache 1.3.28

Apache Software Foundation Apache 1.3.3

Apache Software Foundation Apache 1.3.4

Apache Software Foundation Apache 1.3.6

Apache Software Foundation Apache 1.3.9

Apache Software Foundation Apache 2.0

Apache Software Foundation Apache 2.0.28

Apache Software Foundation Apache 2.0.32

Apache Software Foundation Apache 2.0.35

Apache Software Foundation Apache 2.0.36

Apache Software Foundation Apache 2.0.37

Apache Software Foundation Apache 2.0.38

Apache Software Foundation Apache 2.0.39

Apache Software Foundation Apache 2.0.40

Apache Software Foundation Apache 2.0.41

IBM HTTP Server 2.0.42.2

Apache Software Foundation Apache 2.0.42

Apache Software Foundation Apache 2.0.43

Apache Software Foundation Apache 2.0.44

Apache Software Foundation Apache 2.0.45

Apache Software Foundation Apache 2.0.46

Apache Software Foundation Apache 2.0.47

IBM HTTP Server 2.0.47

SGI ProPack 2.3

SGI ProPack 2.4

Turbolinux Turbolinux Advanced Server 6.0

Turbolinux Turbolinux Workstation 6.0

Turbolinux Turbolinux Server 6.1

Turbolinux Turbolinux Server 6.5

Turbolinux Turbolinux Server 7.0

Turbolinux Turbolinux Workstation 7.0

SCO Unixware 7.1.1

SCO Unixware 7.1.3

Turbolinux Turbolinux Workstation 8.0

SCO Open UNIX 8.0

Turbolinux Turbolinux Server 8.0

Slackware Linux 8.1

Slackware Linux 9.0

Slackware Linux 9.1







 

Copyright 2008, SecurityFocus