<<< Date Index >>>     <<< Thread Index >>>

TSSA-2004-012 - apache



 ===========================================================================
                                             _     
                         |_ .  _      _  _  (_  _  
                         |_ | | ) \/ _) (_) |  (_| 
                                  /                


                       Security  Advisory  #2004-012

 Package name:      apache / httpd
 Summary:           Denial Of Service
 Advisory ID:       TSSA-2004-012
 Date:              2004-06-29
 Affected versions: tinysofa enterprise server 1.0
                    tinysofa enterprise server 1.0-U1
                    tinysofa enterprise server 1.0-U2
                    tinysofa enterprise server 2.0-pre1

 ===========================================================================

 Security Fixes
 ============== 

 Description
 -----------

  apache:
  * A remote exploit has been discovered in the Apache HTTP server [0] 
    which allows an attacker to cause the server to allocate increasing
    amounts of memory until system memory is exhausted or until process
    limits are reached.

    This problem has been assigned the name CAN-2004-0493 [1] by the 
    Common Vulnerabilities and Exposures (CVE) project.

 References
 ----------
  [0] http://httpd.apache.org/
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493

 Recommended Action
 ==================

  We recommend that all systems with these packages installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


 Location
 ========

  All tinysofa updates are available from
  <URI:http://http.tinysofa.org/pub/tinysofa/updates/>
  <URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>


 Automatic Updates
 =================

  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Users of the APT tool may use the 'apt-get upgrade' command.

 Questions?
 ==========

  Check out our mailing lists:
  <URI:http://www.tinysofa.org/support/>


 Verification
 ============

  This advisory is signed with the tinysofa security sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAEDCBB4B>

  All tinysofa packages are signed with the tinysofa stable sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0F1240A2>

  The advisory is available from the tinysofa errata database at
  <URI:http://www.tinysofa.org/support/errata/>
  or directly at
  <URI:http://www.tinysofa.org/support/errata/2004/012.html>


 MD5sums Of The Packages
 =======================

 [server-1.0]

  ebc6032e2b8581955df97921bd194fda  apache-2.0.49-14ts.i586.rpm
  581dfd444acf8e5d22bd1f2ce34a7213  apache-dbm-2.0.49-14ts.i586.rpm
  079c2e42a23afbe60f8f8b98b9287410  apache-devel-2.0.49-14ts.i586.rpm
  4956d084928e6f3591cf112d211496a5  apache-manual-2.0.49-14ts.i586.rpm
  e36c1e88e598907e7ec44b13eca9d64b  apr-0.9.5-14ts.i586.rpm
  acdac3d099decb442e271febc18696d9  apr-devel-0.9.5-14ts.i586.rpm
  b45a7a65fe3cc2bc435bdabb79535373  apr-util-0.9.5-14ts.i586.rpm
  5110e06e4d7bf2b24e8298cc2c0b54f4  apr-util-devel-0.9.5-14ts.i586.rpm

 [server-2.0]

  dc3bf12c0df7ea363da38382e11ed5d4  httpd-2.0.49-8ts.i386.rpm
  0cb2829c70eed23a3a839ee0e3cb755a  httpd-devel-2.0.49-8ts.i386.rpm
  6f4915a3221629c2a56b4ccc517509f4  httpd-manual-2.0.49-8ts.i386.rpm
  62df1e70370c41795e6abff6950e925b  mod_ssl-2.0.49-8ts.i386.rpm

 --
 tinysofa Security Team <security at tinysofa dot org>

Attachment: pgpZMDFf9WxpO.pgp
Description: PGP signature