Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability

Solution:
The vendor has addressed this issue, the fix is available through CVS at the following location:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.117&r2=1.118

This issue is also addressed in Apache 2.0.49.

Red Hat has released an advisory (RHSA-2004:182-01) and fixes to address this issue in Red Hat Linux 9. Red Hat Linux users are advised to see the referenced advisory for further details regarding obtaining and applying appropriate fixes.

Turbolinux have released a security advisory (TLSA-2004-11), and updates to address this issue in Turbolinux products. Users are advised to apply these updates as soon as possible, further details regarding obtaining and installing these updates can be found in the referenced advisory.

Gentoo has released advisory GLSA200403-04 to address this issue. Gentoo updates may be applied with the following commands:
emerge sync
emerge -pv ">=net-www/apache-2.0.49"
emerge ">=net-www/apache-2.0.49"

Additional details are included in the Gentoo advisory for users who are migrating from 2.0.48-r1 or earlier releases.

Netwosix Linux has released an advisory dealing with this issue. Please see the reference section for more details.

Trustix has released an advisory that includes updates for this issue.

Conectiva Linux has released an advisory CLSA-2004:839 with fixes to address this issue. Please see the referenced advisory for more information.

SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.

HP has released security bulletin HPSBUX01022 dealing with this issue as well as fixes for their HP-UX architecture. Please see the referenced advisory for more information and details on obtaining fixes.

Apple has released security advisory APPLE-SA-2004-05-03 dealing with this and other issues. Please see the referenced advisory for more information.

Mandrakelinux has released an advisory MDKSA-2004:043 to address this issue. Please see the referenced advisory for more information.

RedHat has released an advisory FEDORA-2004-117 to address this issue in Fedora Core 1. Please see the referenced advisory for more information.

HP has released advisory HPSBTU01049 - SSRT4717 dealing with this and other issues. Please see the referenced advisory for more information.

SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI ProPack 3 to address this and other issues. Please see the referenced advisory for more information.


Redhat httpd-manual-2.0.40-21.i386.rpm

Redhat httpd-2.0.40-21.i386.rpm

Redhat httpd-devel-2.0.40-21.i386.rpm

Redhat mod_ssl-2.0.40-21.i386.rpm

Turbolinux Turbolinux Desktop 10.0

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X Server 10.3.3

Apple Mac OS X 10.3.3

Apache Apache 2.0.35

Apache Apache 2.0.36

Apache Apache 2.0.37

Apache Apache 2.0.38

Apache Apache 2.0.39

Apache Apache 2.0.40

Apache Apache 2.0.41

Apache Apache 2.0.42

Apache Apache 2.0.43

Apache Apache 2.0.44

Apache Apache 2.0.45

Apache Apache 2.0.46

Apache Apache 2.0.47

Apache Apache 2.0.48

SGI ProPack 3.0


 

Privacy Statement
Copyright 2010, SecurityFocus