DSA-187 and DSA-188 apache - several vulnerabilities and testing

2004-08-11 Thread Djoumé SALVETTI
Good day,

I'm checking testing against 2002 DSAs (for woody) with Joey Hess.

I'm not sure about DSA-187 [1] and DSA-188 [2] (same security problems, one for
apache and another one for apache-ssl).

I know that CAN-2002-0839, CAN-2002-0840, CAN-2002-0843 are fixed in
unstable since apache 1.3.27-0.1

I believe CAN-2001-0131 and CAN-2002-1233 are fixed with the following
patches in the apache Debian packages:
901_security_htdigest_tempfiles
902_security_htpasswd_tempfiles

Could you confirm this?

Both DSAs also mentioned buffer overflows in ApacheBench:

| NO-CAN: Several buffer overflows have been found in the ApacheBench (ab)
| utility that could be exploited by a remote server returning very long
| strings.

Do you know if these are fixed in the testing package?

Thanks for your help.

[1] http://www.debian.org/security/2002/dsa-187
[2] http://www.debian.org/security/2002/dsa-188
-- 
Djoumé SALVETTI




Bug#259211: magic problem solved but apache still segfault

2004-07-13 Thread Djoumé SALVETTI
Well... after reading /etc/apache/suggested_corrections
(I supposed this was created during upgrade) I have solved the magic
problem but apache still segfaults.

Regards.
-- 
Djoumé SALVETTI




Bug#259211: apache segfault after upgrade from woody

2004-07-13 Thread Djoumé SALVETTI
On Tuesday 07/13/04, Fabio Massimo Di Nitto [EMAIL PROTECTED] wrote:
> > and apache -X give me a segfault (see attached strace).
>
> Can you try to disable php4?

Indeed, if I comment out:

# LoadModule php4_module /usr/lib/apache/1.3/libphp4.so

in httpd.conf, apache starts fine (but without php support, of course).

-- 
Djoumé SALVETTI