| Descripción: | Description:
The remote host is missing updates announced in
advisory CLA-2003:775.
Apache[1] is the most popular webserver in use today.
New versions of the Apache web server have been made available[2][3]
with the following security fixes:
1. Buffer overflow in mod_alias and mod_rewrite (CVE-2003-0542) [4]
A buffer overflow could occur in mod_alias and mod_rewrite when a
regular expression with more than 9 captures is configured. Users who
can create or modify configuration files (httpd.conf or .htaccess,
for example) could trigger this. This vulnerability affects Apache
1.3.x and Apache 2.0.x.
2. mod_cgid mishandling of CGI redirect paths (CVE-2003-0789) [5]
mod_cgid mishandling of CGI redirect paths could result in CGI output
going to the wrong client when a threaded MPM is used. The packages
provided with Conectiva Linux 9 are not vulnerable to this issue
because they are not compiled with that MPM, but the fix has been
included because new packages for Conectiva Linux 9 were already
being built for the suexec problem (see below).
In addition to the above security fixes, suexec has been correctly
built in the Conectiva Linux 9 packages, fixing[6] the problem where
CGI scripts could not be run from the user's home directory.
Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:775
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003
Risk factor : Critical
CVSS Score:
10.0
|
