
Apache Error Log Escape Sequence Injection Vulnerability

Solution:
The vendor has released an upgrade dealing with this issue.

Turbolinux has released a security advisory (TLSA-2004-11) and updates to address this issue in Turbolinux products. Users are advised to apply these updates as soon as possible; further details on obtaining and installing them can be found in the referenced advisory.

Gentoo has released advisory GLSA200403-04 to address this issue. Gentoo updates may be applied with the following commands:
emerge sync
emerge -pv ">=net-www/apache-2.0.49"
emerge ">=net-www/apache-2.0.49"

Additional details are included in the Gentoo advisory for users who are migrating from 2.0.48-r1 or earlier releases.

Netwosix Linux has released an advisory dealing with this issue. Please see the reference section for more details.

Trustix has released an advisory that includes updates for this issue.

Conectiva Linux has released an advisory CLSA-2004:839 with fixes to address this issue. Please see the referenced advisory for more information.

SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.

HP has released security bulletin HPSBUX01022 dealing with this issue as well as fixes for their HP-UX architecture. Please see the referenced advisory for more information and details on obtaining fixes.

Apple has released security advisory APPLE-SA-2004-05-03 dealing with this and other issues. Please see the referenced advisory for more information.

OpenPKG has released an advisory OpenPKG-SA-2004.021 to address this and other issues in Apache. Please see the referenced advisory for more information.

Slackware has released an advisory SSA:2004-133-01 to address this and other issues in Apache. Please see the referenced advisory for more information.

Trustix has released an advisory TSLSA-2004-0027 to address this and other issues in Apache. Please see the referenced advisory for more information.

Mandrake has issued an advisory and fixes. See advisory MDKSA-2004:046 in the reference section for more information.

Mandrake has issued a revised advisory and fixes. See advisory MDKSA-2004:046-1 in the reference section for more information.

Red Hat has released an advisory FEDORA-2004-117 to address this issue in Fedora Core 1. Please see the referenced advisory for more information.

Turbolinux has issued an advisory and fixes. See advisory TLSA-2004-17 in the reference section for more information.

OpenBSD has released patches for OpenBSD 3.4 and 3.5. Please see the patch files for instructions on applying and rebuilding the affected binaries. New snapshots and OpenBSD-current as of 12 June 2004 contain the fixes as well.

HP has released advisory HPSBTU01049 - SSRT4717 dealing with this and other issues. Please see the referenced advisory for more information.

Apache Server version 1.3.31 has been released to address this and other issues.

HP has released an advisory (HPSBUX01069) to address this and other issues. Please see the referenced advisory for more information.

Sun has released an alert (Alert ID: 57628) containing preliminary T-patches to address this and other issues in Apache. Please see the advisory in web references for more information.

Sun has released an update to Sun Alert ID: 57628. Patches for Solaris 9.0 have been made available. Patches for Solaris 8.0 are still pending.

Sun has released an update to Sun Alert ID: 57628. T-Patches (T116973-01, T116974-01) are available through normal support channels for Solaris 8 SPARC platform and Solaris 8 x86 platform. Please see the referenced Sun alert for more information.

Apple has released an advisory (APPLE-SA-2004-12-02) dealing with this and other issues. This security update resolves the issue by installing Apache version 1.3.33, which contains the fix. Please see the referenced advisory for more information.


OpenBSD OpenBSD 3.5

OpenBSD OpenBSD 3.4

Sun Solaris 9

Sun Solaris 9_x86

Apache Software Foundation Apache 1.3

Apache Software Foundation Apache 1.3.1

Apache Software Foundation Apache 1.3.11

Apache Software Foundation Apache 1.3.12

Apache Software Foundation Apache 1.3.14

Apache Software Foundation Apache 1.3.17

Apache Software Foundation Apache 1.3.18

Apache Software Foundation Apache 1.3.19

Apache Software Foundation Apache 1.3.20

Apache Software Foundation Apache 1.3.22

Apache Software Foundation Apache 1.3.23

Apache Software Foundation Apache 1.3.24

Apache Software Foundation Apache 1.3.25

Apache Software Foundation Apache 1.3.26

Apache Software Foundation Apache 1.3.27

Apache Software Foundation Apache 1.3.28

Apache Software Foundation Apache 1.3.29

Apache Software Foundation Apache 1.3.3

Apache Software Foundation Apache 1.3.4

Apache Software Foundation Apache 1.3.6

Apache Software Foundation Apache 1.3.7 -dev

Apache Software Foundation Apache 1.3.9

Turbolinux Turbolinux Desktop 10.0

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3.3

Apple Mac OS X Server 10.3.3

Apache Software Foundation Apache 2.0

Apache Software Foundation Apache 2.0 a9

Apache Software Foundation Apache 2.0.28

Apache Software Foundation Apache 2.0.28 Beta

Apache Software Foundation Apache 2.0.32

Apache Software Foundation Apache 2.0.35

Apache Software Foundation Apache 2.0.36

Apache Software Foundation Apache 2.0.37

Apache Software Foundation Apache 2.0.38

Apache Software Foundation Apache 2.0.39

Apache Software Foundation Apache 2.0.40

Apache Software Foundation Apache 2.0.41

Apache Software Foundation Apache 2.0.42

Apache Software Foundation Apache 2.0.43

Apache Software Foundation Apache 2.0.44

Apache Software Foundation Apache 2.0.45

Apache Software Foundation Apache 2.0.46

Apache Software Foundation Apache 2.0.47

Apache Software Foundation Apache 2.0.48







 

Copyright 2009, SecurityFocus