Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability

Solution:
Apache has released version 2.0.48 to address this issue. Users are advised to upgrade as soon as possible.

Conectiva have released an advisory (CLA-2003:775) and fixes to address this issue for Conectiva Linux. Affected users are advised to apply upgrades as soon as possible. Further information regarding obtaining and applying these upgrades is available in the referenced advisory.

Gentoo has released an advisory (200310-04) to address this issue. Affected users are advised to upgrade using the following procedure:
emerge sync
emerge '>=net-www/apache-2.0.48'
emerge clean

Mandrake has released an advisory (MDKSA-2003:103) to address this issue.
Please see the attached advisory for details on obtaining and applying fixes.

Further information regarding the application of this upgrade can be found in the referenced advisory.

Trustix has released security advisory 2003-0041 with fixes to address this issue.

HP has released security advisory HPSBUX0311-301 with fixes to address this issue. Affected users are advised to apply upgrades as soon as possible. Further information regarding obtaining and applying these upgrades is available in the referenced advisory.

Revised HP advisory has been released to address this issue.

Red Hat has released advisory RHSA-2003:320-01 to address this issue.

Apple has released advisory 2004-01-26 to address this issue.


Apache Apache 2.0

Apache Apache 2.0.28

Apache Apache 2.0.32

Apache Apache 2.0.35

Apache Apache 2.0.36

Apache Apache 2.0.37

Apache Apache 2.0.38

Apache Apache 2.0.39

Apache Apache 2.0.40

Apache Apache 2.0.41

Apache Apache 2.0.42

Apache Apache 2.0.43

Apache Apache 2.0.44

Apache Apache 2.0.45

Apache Apache 2.0.46

Apache Apache 2.0.47


 

Privacy Statement
Copyright 2010, SecurityFocus