[7602] in bugtraq
SECURITY: new apache packages now available
daemon@ATHENA.MIT.EDU (twiztah)
Mon Aug 10 21:24:34 1998
Date: Mon, 10 Aug 1998 21:13:15 -0400
Reply-To: twiztah <twiztah@ANARCHY.MAXHO.COM>
From: twiztah <twiztah@ANARCHY.MAXHO.COM>
To: BUGTRAQ@NETSPACE.ORG
A denial-of-service attack against the Apache web server has been found which
lets remote sites disable your web server. This attack does not let remote
users gain any sort of access to your computer, nor does it let local users
gain any special access.
Red Hat recommends upgrading apache on systems which are functioning as
Internet servers. After installing the new apache package, be sure to
restart the apache server as follows:
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
A fix for the Red Hat Secure Server will be available later this week.
Red Hat 5.0 and 5.1
- -------------------
i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/apache-1.2.6-5.i386.rpm
alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/apache-1.2.6-5.alpha.rpm
SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/5.1/sparc/apache-1.2.6-5.sparc.rpm
Red Hat 4.2
- -------------
i386:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/apache-1.2.5-0.1.i386.rpm
alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/apache-1.2.5-0.1.alpha.rpm
SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/apache-1.2.5-0.1.sparc.rpm
