Bug 152708

Summary: Apache 2.0 httpd/mod_ssl DoS CAN-2004-0113 and CGI CAN-2003-0789
Product: [Retired] Fedora Legacy
Reporter: Barry K. Nathan <barryn>
Component: Package request
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: barryn
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
URL: https://rhn.redhat.com/errata/RHSA-2004-182.html
Doc Type: Bug Fix

Description David Lawrence 2005-03-30 23:24:45 UTC
Discussed in RHSA-2004-182, a.k.a RHSA-2004:182-03 (linked from this bug).
AFAICT this needs to be fixed for Red Hat 8.0.



------- Additional Comments From jkeating 2004-05-06 20:04:43 ----

9 rpm does not rebuild cleanly for 8, needs an updated xmlto.  Not sure what
else xmlto uses, will look into just bringing back the patch.



------- Additional Comments From jkeating 2004-05-06 20:09:27 ----

Seems to be missing patch for CAN-2003-0789 as well.



------- Additional Comments From marcdeslauriers 2004-05-24 07:36:14 ----

Here are 8.0 packages with CAN-2004-0113 applied.
8.0 Apache is not vulnerable to CAN-2003-0789 as it is not compiled with MPM.

a632837e493c55206b2792c58c20263d66833221  httpd-2.0.40-11.10.legacy.i386.rpm
cfa0495550f88c0a2772d3a072ed946ec8b1a0da  httpd-2.0.40-11.10.legacy.src.rpm
b9c87c52fcdfeced18517572d71d6115ec1a2865  httpd-devel-2.0.40-11.10.legacy.i386.rpm
44332b2000b61895b1cbaf3e05043c07b04d91f9  httpd-manual-2.0.40-11.10.legacy.i386.rpm
609f3fb8c1f54b4fb8548212b0129bc08dcbaf0f  mod_ssl-2.0.40-11.10.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/httpd-2.0.40-11.10.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/httpd-2.0.40-11.10.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/httpd-devel-2.0.40-11.10.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/httpd-manual-2.0.40-11.10.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/mod_ssl-2.0.40-11.10.legacy.i386.rpm






------- Additional Comments From jkeating 2004-05-31 08:49:27 ----

Support for 8.0 dropped.



------- Bug moved to this database by dkl 2005-03-30 18:24 -------

This bug previously known as bug 1551 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1551
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.