-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-2
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date : 13 Jan 2005
Last revised : 13 Jan 2005
Package : httpd
Summary : Multiple vulnerabilities in httpd
More information :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.
Please refer to the References section for further information.
Impact :
The vulnerabilities could allow remote attackers to cause a denial of
service and possibly execute arbitrary code.
Affected Products :
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
Solution :
Please use the turbopkg (zabom) tool to apply the update.
----------------------------------------
[Turbolinux 10 Server]
# zabom -u httpd httpd-debug httpd-devel httpd-manual mod_bwshare mod_ssl
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
# zabom -u httpd
----------------------------------------
<Turbolinux 10 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-8.src.rpm
6842122 6f911bda264f6b7b9989f5c1e81d4ac0
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-2.0.51-8.i586.rpm
1032135 214e7c3d1c27cd45e0791d0f85d0d087
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-debug-2.0.51-8.i586.rpm
3238970 965c8ca35632af6c9bb1360d1fa42e40
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-devel-2.0.51-8.i586.rpm
222848 dde33db66f69d76c1a87edca5298b9d7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/httpd-manual-2.0.51-8.i586.rpm
1130005 e931dda35b3bdd4261318ee1435b6f6c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/mod_bwshare-2.0.51-8.i586.rpm
39007 9722beda50813c05b89e85d49da54e11
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/mod_ssl-2.0.51-8.i586.rpm
86975 f949a8b78974c746446467c077b6e604
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-15.src.rpm
6315957 5264ab25976140082ab5310ea8c15ec9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-15.i586.rpm
892409 4f78d678fc9b9da1db1af6779f3627e0
Notice:
After performing the update, it is necessary to restart the httpd daemon.
To do this, run the following command as the root user.
---------------------------------------------
# /etc/init.d/httpd restart
or
# /etc/rc.d/init.d/httpd restart
---------------------------------------------
References:
www.apache.org
[CHANGES_2.0]
http://www.apache.org/dist/httpd/CHANGES_2.0
CVE
[
CAN-2004-0488]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0488
[
CAN-2004-0748]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0748
[
CAN-2004-0751]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0751
[
CAN-2004-0809]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0809
[
CAN-2004-0885]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0885
[
CAN-2004-0942]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0942
fixed points:
[Turbolinux 10 Server]
CAN-2004-0855,
CAN-2004-0942
[Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home]
CAN-2004-0488,
CAN-2004-0748,
CAN-2004-0751,
CAN-2004-0809,
CAN-2004-0885,
CAN-2004-0942
--------------------------------------------------------------------------
Revision History
13 Jan 2005 Initial release
--------------------------------------------------------------------------
Copyright(C) 2004 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFB5jOAK0LzjOqIJMwRAvVqAJ9W9P3yEslmxt3LrVRJj3wK4N8UoQCbB+oH
3iXcStwVLDheoadnIGgp1ug=
=bZRz
-----END PGP SIGNATURE-----