Apache APR_PSPrintf Memory Corruption Vulnerability

Solution:
This issue has been addressed in Apache 2.0.46. Users are advised to upgrade.

Red Hat has released an advisory (RHSA-2003:186-01) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo Linux users who are running net-www/apache-2.x may upgrade to apache-2.0.46 with the following commands:

emerge sync
emerge apache
emerge clean

Apple has released a security update to address this issue. Users are advised to upgrade as soon as possible. The fix can be downloaded or can be automatically applied by using Software Update pane in the System Preferences.

HP has released advisory HPSBUX0307-269 to address this issue.

Fixes are available:


Redhat httpd-2.0.40-8.i386.rpm

Redhat httpd-2.0.40-21.i386.rpm

Redhat httpd-devel-2.0.40-21.i386.rpm

Redhat mod_ssl-2.0.40-8.i386.rpm

Redhat mod_ssl-2.0.40-21.i386.rpm

Redhat httpd-devel-2.0.40-8.i386.rpm

Redhat httpd-manual-2.0.40-21.i386.rpm

Redhat httpd-manual-2.0.40-8.i386.rpm

HP HP-UX Apache-Based Web Server 1.0 .01

HP HP-UX Apache-Based Web Server 1.0 .02.01

HP HP-UX Apache-Based Web Server 1.0 .05.01

HP HP-UX Apache-Based Web Server 1.0 .04.01

HP HP-UX Apache-Based Web Server 1.0 .03.01

HP HP-UX Apache-Based Web Server 1.0.1 .01

HP Apache-Based Web Server 1.3.27 .00

HP Apache-Based Web Server 1.3.27 .01

HP Apache-Based Web Server 1.3.27 .02

Apache Apache 2.0.35

Apache Apache 2.0.36

Apache Apache 2.0.37

Apache Apache 2.0.38

Apache Apache 2.0.39

Apache Apache 2.0.40

Apache Apache 2.0.41

Apache Apache 2.0.42

HP Apache-Based Web Server 2.0.43 .04

HP Apache-Based Web Server 2.0.43 .00

Apache Apache 2.0.43

Apache Apache 2.0.44

Apache Apache 2.0.45


 

Privacy Statement
Copyright 2010, SecurityFocus