From tsl@trustix.org Wed Mar 31 23:42:54 2004 From: Trustix Security Advisor To: bugtraq@securityfocus.com Date: Tue, 30 Mar 2004 16:24:59 +0200 Subject: TSLSA-2004-0017 - apache -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2004-0017 Package name: apache Summary: new upstream Date: 2004-03-30 Affected versions: Trustix 2.1 - -------------------------------------------------------------------------- Package description: Apache is a full featured web server that is freely available, and also happens to be the most widely used.Built with loadable modules (all standard modules enabled). This verion is intended as a replacement for a standard apache, the configuration files provided with apache and apache-ssl are unchanged. Problem description: The new upstream version of apache addresses several security issues: - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix updates are available from About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Public testing: Most updates for Trustix are made available for public testing some time before release. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at You may also use swup for public testing of updates: site { class = 0 location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf" regexp = ".*" } Questions? Check out our mailing lists: Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: The advisory itself is available from the errata pages at and or directly at MD5sums of the packages: - -------------------------------------------------------------------------- 2f8cb6185125538096f5294dd73fcfdf 2.1/rpms/apache-2.0.49-2tr.i586.rpm d4a92784e59270f8213b10ec47150ec4 2.1/rpms/apache-dbm-2.0.49-2tr.i586.rpm 1f0cba7667cbd4c0e235f056aff03df2 2.1/rpms/apache-devel-2.0.49-2tr.i586.rpm 65c9b7530f0d7e9ba38e7a0d8d106083 2.1/rpms/apache-manual-2.0.49-2tr.i586.rpm 3f1efb8f665de116a06b9ebb780e81cb 2.0/rpms/apache-2.0.49-1tr.i586.rpm 64ab42919cdef6ede9d4efc9c82df2e5 2.0/rpms/apache-devel-2.0.49-1tr.i586.rpm f40a03994d7140311cf2e5fe714bc410 2.0/rpms/apache-manual-2.0.49-1tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAaXuvi8CEzsK9IksRAq5CAKCp6Wnz4BmOLfwSqYFU5BDedt5d1wCgo8mn ZYNT+qxDVYQ4vOZvo/pQ040= =hqpX -----END PGP SIGNATURE-----