Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability

Solution:
A patch is available from the Apache Software Foundation.

Apple has released an advisory (APPLE-SA-0024-09-07) along with fixes to address this and many other issues. Please see the referenced advisory for further information.

Mandrake has released a security advisory (MDKSA-2004:064) to address this issue. Information on obtaining fixes and updating packages can be found in the referenced advisory.

Trustix Secure Linux has released advisories TSL-2004-0038 and TSL-2004-0039 to address this and other issues. Please see the referenced advisories for further information.

Gentoo Linux has released advisory GLSA 200407-03 to address this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following as the superuser:
emerge sync
emerge -pv ">=net-www/apache-2.0.49-r4"
emerge ">=net-www/apache-2.0.49-r4"

Red Hat has released advisory RHSA-2004:342-10 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see the referenced advisory for additional information.

The Apache Software Foundation has released Apache 2.0.50 that includes a fix for this issue.

Avaya has released an updated advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=196012&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

Red Hat Fedora has released advisories FEDORA-2004-203 and FEDORA-2004-204 dealing with this issue for Fedora Core 1 and Fedora Core 2 respectively. Please see the referenced advisories for more information.

Hewlett-Packard has released advisory HPSBUX01064 along with a resolution dealing with this issue. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2004:868 along with fixes to address this and other issues. Please see the referenced advisory for further information.


HP HP-UX B.11.22

HP HP-UX B.11.23

HP HP-UX B.11.11

HP HP-UX B.11.00

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3.4

Apple Mac OS X Server 10.3.4

Apple Mac OS X Server 10.3.5

Apple Mac OS X 10.3.5

Apache Apache 2.0

Apache Apache 2.0 a9

Apache Apache 2.0.28

Apache Apache 2.0.28 Beta

Apache Apache 2.0.32

Apache Apache 2.0.35

Apache Apache 2.0.36

Apache Apache 2.0.37

Apache Apache 2.0.38

Apache Apache 2.0.39

Apache Apache 2.0.40

Apache Apache 2.0.41

IBM HTTP Server 2.0.42 .2

Apache Apache 2.0.42

Apache Apache 2.0.43

Apache Apache 2.0.44

Apache Apache 2.0.45

Apache Apache 2.0.46

Apache Apache 2.0.47

IBM HTTP Server 2.0.47 .1

Apache Apache 2.0.48

Apache Apache 2.0.49


 

Copyright 2010, SecurityFocus