From greg@WIREX.COM Thu Oct 26 14:55:55 2000 From: Greg KH To: BUGTRAQ@SECURITYFOCUS.COM Date: Wed, 25 Oct 2000 16:43:46 -0700 Subject: [BUGTRAQ] [IMNX-2000-042-01] Immunix OS Security Update for apache and php ----------------------------------------------------------------------- Immunix OS Security Advisory Packages updated: apache, apache-devel, apache-manual, auth_ldap, mod_perl, php-3, php-imap-3, php-ldap-3, php-manual-3, php-pgsql-3 Date: October 25, 2000 Advisory ID: IMNX-2000-042-01 Author: Greg Kroah-Hartman ----------------------------------------------------------------------- Description: Redhat has put out an update to the apache package that fixes some vulnerabilities in the mod_rewrite module, and a problem in the virtual hosting facilities. They have also released an update to the php3 package, fixing a potential exploit with a format string problem in that package. See http://www.redhat.com/support/errata/RHSA-2000-088-04.html for more information. Immunix has released the following packages for Immunix OS 6.2 (StackGuarded versions of the RedHat packages.) Note, this advisory supersedes the previous Immunix OS advisory for apache that was also released on October 25, 2000. No advisory id was given for that release, as this is the first numbered advisory (thanks to Kurt Seifried of securityportal.com for getting me to change this behavior.) Package names and locations: Precompiled binary packages for Immunix 6.2 are available at: http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-1.3.14-2.6.2_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-devel-1.3.14-2.6.2_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-manual-1.3.14-2.6.2_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/auth_ldap-1.4.0-3_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/mod_perl-1.23-3_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-3.0.17-1.6.2_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-imap-3.0.17-1.6.2_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-ldap-3.0.17-1.6.2_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-manual-3.0.17-1.6.2_StackGuard.i386.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/php-pgsql-3.0.17-1.6.2_StackGuard.i386.rpm Source packages for Immunix 6.2 are available at: http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/apache-1.3.14-2.6.2_StackGuard.src.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/auth_ldap-1.4.0-3_StackGuard.src.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/mod_perl-1.23-3_StackGuard.src.rpm http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/php-3.0.17-1.6.2_StackGuard.src.rpm md5sums of the packages: 705d663b8138deb44683e5fc09a33352 apache-1.3.14-2.6.2_StackGuard.i386.rpm bb57ef75304f86b94ef8dcc3c19e53d1 apache-devel-1.3.14-2.6.2_StackGuard.i386.rpm c38c180f0a4b8654c982d9b55a6c955e apache-manual-1.3.14-2.6.2_StackGuard.i386.rpm fea5e8cf5fe1141fa6edb0061a4faa32 auth_ldap-1.4.0-3_StackGuard.i386.rpm 464e5dd88e2dca51183f3c45f574372e mod_perl-1.23-3_StackGuard.i386.rpm 2159fc9100ecafe5e42c61dfe65bb426 php-3.0.17-1.6.2_StackGuard.i386.rpm 646d80c45e12ad615a1823a5c8226c7c php-imap-3.0.17-1.6.2_StackGuard.i386.rpm e17818313e2a8b4fe86470b829fb189c php-ldap-3.0.17-1.6.2_StackGuard.i386.rpm 4c553b0a437e8ccc5ca420332c71017e php-manual-3.0.17-1.6.2_StackGuard.i386.rpm 57cf12777a542017d952bdf558a14733 php-pgsql-3.0.17-1.6.2_StackGuard.i386.rpm 7715fa21cfae8fc7360d5543427ba729 apache-1.3.14-2.6.2_StackGuard.src.rpm f718507913ed320d14fa166f1192ddc9 auth_ldap-1.4.0-3_StackGuard.src.rpm 8fe49a8a67092698cc5c74839a087acb mod_perl-1.23-3_StackGuard.src.rpm cbe4a2c0f40e84776895f80276a51dc2 php-3.0.17-1.6.2_StackGuard.src.rpm [Part 2, Application/PGP-SIGNATURE 240bytes] [Unable to print this part]