Date: Tue, 27 Jan 2004 12:12:32 -0500 (EST) From: John Jasen <jjasen@xxxxxxxxxxxxxxxxxx> To: fedora-legacy-list@xxxxxxxxxx Subject: apache httpd and slocate Reply-To: fedora-legacy-list@xxxxxxxxxx
slocate: https://rhn.redhat.com/errata/RHSA-2004-041.html
Looks liked 7.x and above might be affected?
httpd: https://rhn.redhat.com/errata/RHSA-2003-320.html
Looks like 8 and above?
That's my take on it. It looks like 7.3 is already fixed, anyway.
"An issue in the handling of regular expressions from configuration files
was discovered in releases of the Apache HTTP Server version 2.0 prior to
2.0.48. [...] The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0542 to this issue."
$ cat /etc/redhat-release Red Hat Linux release 7.3 (Valhalla) $ rpm -q apache apache-1.3.27-4 $ rpm -q --changelog apache | head * Thu Nov 13 2003 Joe Orton <jorton@xxxxxxxxxx> 1.3.27-4
- add security fix for CVE CAN-2003-0542
* Tue Aug 26 2003 Joe Orton <jorton@xxxxxxxxxx> 1.3.27-3
- add security fixes for CVE CAN-2003-0020, CERT VU#379828 - add bug fixes for #60281
* Wed Oct 23 2002 Nalin Dahyabhai <nalin@xxxxxxxxxx> 1.3.27-2 $
"A bug in the CGI daemon-based 'mod_cgid' module was discovered that can result in CGI script output being sent to the wrong client."
$ ls -l /etc/httpd/modules/mod_cgid.so
ls: /etc/httpd/modules/mod_cgid.so: No such file or directory
$ ls -l /etc/httpd/modules/mod_cgi*.so
-rwxr-xr-x 1 root root 14940 Dec 10 05:05 /etc/httpd/modules/mod_cgi.so
$