On Sunday 01 June 2003 06:49 am, Charles A Edwards wrote: > On Sat, 31 May 2003 19:18:37 -0400 > > JoeHill <[EMAIL PROTECTED]> wrote: > > thanks! I wonder how long it will take for a patch like this to appear > > on the MDK security updates list? > > Already done. > > > Mandrake Linux Security Update Advisory > ________________________________________________________________________ > > Package name: apache2 > Advisory ID: MDKSA-2003:063 > Date: May 30th, 2003 > > Affected versions: 9.1 > ________________________________________________________________________ > > Problem Description: > > Two vulnerabilities were discovered in the Apache web server that > affect all 2.x versions prior to 2.0.46. The first, discovered by John > Hughes, is a build system problem that allows remote attackers to > prevent access to authenticated content when a threaded server is used. > This only affects versions of Apache compiled with threaded server > "httpd.worker", which is not the default for Mandrake Linux. > > The second vulnerability, discovered by iDefense, allows remote > attackers to cause a DoS (Denial of Service) condition and may also > allow the execution of arbitrary code. > > The provided packages include back-ported fixes to correct these > vulnerabilities and MandrakeSoft encourages all users to upgrade > immediately. > ________________________________________________________________________ > > References: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0189 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245 > ________________________________________________________________________ > > > Charles Thankyou, and I have already patched. Hope everyone else has. You guys are quick. -- Dennis M. linux user #180842
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com