Fedora Update Notification
FEDORA-2004-117
2004-05-25
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : httpd
Version     : 2.0.49                      
Release     : 1.1                  
Summary     : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.

---------------------------------------------------------------------
Update Information:

This update includes the latest stable release of Apache httpd 2.0,
including a security fix for a memory leak in mod_ssl which can be
triggered remotely (CVE CAN-2004-0113), and a fix for escaping of error
log output (CVE CAN-2003-0020).

This update also includes an enhanced version of the mod_cgi module
which fixes a long-standing bug in the handling of stderr output during
CGI script execution.
--------------------------------------------------------------------- 

* Fri May 07 2004 Joe Orton <jorton@redhat.com> 2.0.49-1.1

- fix 2.0.48's httpd loading 2.0.49's mod_expires.so

* Fri May 07 2004 Joe Orton <jorton@redhat.com> 2.0.49-1.0

- update to 2.0.49 (thanks to Robert Scheck, #118798)
- make "noindex" page valid XHTML 1.1 (Pascal Volk, #122020)
- restore /etc/httpd/build/libtool symlink (#113720)
- mod_cgi: backport fixes for stderr handling (upstream #22030)
- mod_dav: misc improvements
- add rgetline NUL-termination fixes (Tsurutani Naoki, upstream #28376)

---------------------------------------------------------------------
This update can be downloaded from:
    

b008b66b5af9ce253a53a805919a6814  SRPMS/httpd-2.0.49-1.1.src.rpm
f047f09af00b168af1b67ce4ff377c39  i386/httpd-2.0.49-1.1.i386.rpm
52befed28d29860131a578615c2a4ff1  i386/httpd-devel-2.0.49-1.1.i386.rpm
2915df9769773493e82472ce5dfe84dc  i386/httpd-manual-2.0.49-1.1.i386.rpm
d943e6a34e9dbf1df956f9b98faf9e36  i386/mod_ssl-2.0.49-1.1.i386.rpm
7a59a2e8e05ae55d188c6eeaa2b57e3d  i386/debug/httpd-debuginfo-2.0.49-1.1.i386.rpm
89d28478a3a3fa06872aa5a5c4738d08  x86_64/httpd-2.0.49-1.1.x86_64.rpm
4b08a98a31db3e9b4b7482d63b107e18  x86_64/httpd-devel-2.0.49-1.1.x86_64.rpm
d553b52be3170277f528289ea1fc8eef  x86_64/httpd-manual-2.0.49-1.1.x86_64.rpm
b0a67133622538b4d3137114dba3ad04  x86_64/mod_ssl-2.0.49-1.1.x86_64.rpm
479c2ccc1fada2efde2ba409c9058d75  x86_64/debug/httpd-debuginfo-2.0.49-1.1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

Fedora: 1: httpd Multiple vulnerabilities

May 25, 2004
Fixes an exploitable memory leak and escapable error-log output.

Summary

Apache is a powerful, full-featured, efficient, and freely-available

Web server. Apache is also the most popular Web server on the

Internet.

Update Information:

This update includes the latest stable release of Apache httpd 2.0, including a security fix for a memory leak in mod_ssl which can be triggered remotely (CVE CAN-2004-0113), and a fix for escaping of error log output (CVE CAN-2003-0020).

This update also includes an enhanced version of the mod_cgi module which fixes a long-standing bug in the handling of stderr output during CGI script execution.

* Fri May 07 2004 Joe Orton <jorton@redhat.com> 2.0.49-1.1

- fix 2.0.48's httpd loading 2.0.49's mod_expires.so

* Fri May 07 2004 Joe Orton <jorton@redhat.com> 2.0.49-1.0

- update to 2.0.49 (thanks to Robert Scheck, #118798) - make "noindex" page valid XHTML 1.1 (Pascal Volk, #122020) - restore /etc/httpd/build/libtool symlink (#113720) - mod_cgi: backport fixes for stderr handling (upstream #22030) - mod_dav: misc improvements - add rgetline NUL-termination fixes (Tsurutani Naoki, upstream #28376)

This update can be downloaded from:


b008b66b5af9ce253a53a805919a6814 SRPMS/http...

Read the Full Advisory

Change Log

References

Fedora Update Notification FEDORA-2004-117 2004-05-25 Product : Fedora Core 1 Name : httpd Version : 2.0.49 Release : 1.1 Summary : Apache HTTP Server Description : Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet.

Update Instructions

Severity
Product : Fedora Core 1
Name : httpd
Version : 2.0.49
Release : 1.1
Summary : Apache HTTP Server

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved