Home page logo

bugtraq logo Bugtraq mailing list archives

[SECURITY] [DSA-131-2] Apache chunk handling vulnerability, update
From: Wichert Akkerman <wichert () wiggy net>
Date: Wed, 19 Jun 2002 14:22:25 +0200


- ------------------------------------------------------------------------
Debian Security Advisory DSA-131-2                   security () debian org
http://www.debian.org/security/                         Wichert Akkerman
June 19, 2002
- ------------------------------------------------------------------------

Package        : apache
Problem type   : remote DoS / exploit
Debian-specific: no
CVE name       : CAN-2002-0392
CERT advisory  : VU#944335

The DSA-131-1 advisory for the Apache chunk handling vulnerability
contained an error and was missing some essential information:

* The upstream fix was for the 1.3 series was made in version 1.3.26,
  not version 1.3.16 as the advisory incorrectly stated

* The package upgrade does not restart the apache server automatically,
  this will have to be done manually. Please make sure your
  configuration is correct ("apachectl configtest" will verify that for
  you) and restart it using "/etc/init.d/apache restart"

For details on the vulnerability and the updated packages please see
the original advisory or visit the Debian security web-pages (available
at http://www.debian.org/security/).

- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org

Version: 2.6.3ia
Charset: noconv


To UNSUBSCRIBE, email to debian-security-announce-request () lists debian org
with a subject of "unsubscribe". Trouble? Contact listmaster () lists debian org

  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA-131-2] Apache chunk handling vulnerability, update Wichert Akkerman (Jun 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]