Bug 152708 - Apache 2.0 httpd/mod_ssl DoS CAN-2004-0113 and CGI CAN-2003-0789
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Fedora Legacy Bugs
https://rhn.redhat.com/errata/RHSA-20...
Reported: 2004-04-30 15:07 EDT by Barry K. Nathan
Modified: 2008-05-01 11:38 EDT
Doc Type: Bug Fix
Description David Lawrence 2005-03-30 18:24:45 EST
Discussed in RHSA-2004-182, a.k.a RHSA-2004:182-03 (linked from this bug).
AFAICT this needs to be fixed for Red Hat 8.0.



------- Additional Comments From jkeating@j2solutions.net 2004-05-06 20:04:43 ----

9 rpm does not rebuild cleanly for 8, needs an updated xmlto.  Not sure what
else xmlto uses, will look into just bringing back the patch.



------- Additional Comments From jkeating@j2solutions.net 2004-05-06 20:09:27 ----

Seems to be missing patch for CAN-2003-0789 as well.



------- Additional Comments From marcdeslauriers@videotron.ca 2004-05-24 07:36:14 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are 8.0 packages with CAN-2004-0113 applied.
8.0 Apache is not vulnerable to CAN-2003-0789 as it is not compiled with MPM.

a632837e493c55206b2792c58c20263d66833221  httpd-2.0.40-11.10.legacy.i386.rpm
cfa0495550f88c0a2772d3a072ed946ec8b1a0da  httpd-2.0.40-11.10.legacy.src.rpm
b9c87c52fcdfeced18517572d71d6115ec1a2865  httpd-devel-2.0.40-11.10.legacy.i386.rpm
44332b2000b61895b1cbaf3e05043c07b04d91f9  httpd-manual-2.0.40-11.10.legacy.i386.rpm
609f3fb8c1f54b4fb8548212b0129bc08dcbaf0f  mod_ssl-2.0.40-11.10.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/httpd-2.0.40-11.10.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/httpd-2.0.40-11.10.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/httpd-devel-2.0.40-11.10.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/httpd-manual-2.0.40-11.10.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/mod_ssl-2.0.40-11.10.legacy.i386.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAsjJmLMAs/0C4zNoRAhfuAJ9JZPd7oOy1htMPHQYAs4wNYbxYAACeJ5GZ
Lgme5Sgzv13vMExK+dH2a1o=
=QBlb
-----END PGP SIGNATURE-----




------- Additional Comments From jkeating@j2solutions.net 2004-05-31 08:49:27 ----

Support for 8.0 dropped.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:24 -------

This bug previously known as bug 1551 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1551
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

