Date: 16 July 2007
References: AA-2007.0078 ESB-2007.0773 ESB-2007.0784 ESB-2007.1047 ESB-2008.0553 ESB-2008.0656 ESB-2009.1211 ESB-2010.0692
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0468 -- [Win][UNIX/Linux][RedHat]
Moderate: apache security update
16 July 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:              apache
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux
                      UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Cross-site Scripting
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-3304 CVE-2007-1863 CVE-2006-5752
Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0532.html
                      https://rhn.redhat.com/errata/RHSA-2007-0533.html
                      https://rhn.redhat.com/errata/RHSA-2007-0534.html
                      https://rhn.redhat.com/errata/RHSA-2007-0556.html
                      https://rhn.redhat.com/errata/RHSA-2007-0557.html
                      https://rhn.redhat.com/errata/RHSA-2007-0662.html
Comment:              This bulletin contains four Red Hat advisories.
                      This advisory references vulnerabilities in products which run on
                      platforms other than Red Hat. It is recommended that administrators
                      running Apache check for an updated version of the software for
                      their operating system.
Revision History:     July 16 2007: Patches Released for Red Hat Enterprise
                                    Linux 3 and 4
                      June 28 2007: Added advisory RHSA-2007-05.
                      June 27 2007: Initial Release
--------------------------BEGIN INCLUDED TEXT--------------------
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: apache security update
Advisory ID: RHSA-2007:0532-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0532.html
Issue date: 2007-06-26
Updated on: 2007-06-26
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3304 CVE-2006-5752
---------------------------------------------------------------------
1. Summary:
Updated Apache httpd packages that correct two security issues are now
available for Red Hat Enterprise Linux 2.1.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
The Apache HTTP Server is a popular Web server.
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
Users of Apache should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.
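A configuration audit for the mod_status exposure conditions described above (server-status publicly accessible with ExtendedStatus enabled), given as an added example that is not part of the Red Hat advisory. The sample configurations are constructed, and the access check is a heuristic over a single file that does not follow Include directives.

```python
import re

# Constructed sample configurations (not taken from the advisory).
EXPOSED_CONF = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order allow,deny
    Allow from all
</Location>
"""

RESTRICTED_CONF = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

_OPEN = re.compile(r'<\s*Location(?:Match)?\s+"?([^">]+?)"?\s*>', re.I)
_CLOSE = re.compile(r"</\s*Location(?:Match)?\s*>", re.I)


def _is_restricted(block):
    """Heuristic: does the block narrow who may fetch the status page?"""
    # Apache 2.4 style: any Require other than "all granted" narrows access.
    if any(req != ["all", "granted"] for req in block["require"]):
        return True
    # Apache 1.3/2.0/2.2 style: "Deny from all" with no blanket "Allow from all".
    # Combinations that set both are reported as public (conservative).
    return block["deny_all"] and not block["allow_all"]


def audit_mod_status(conf_text):
    """Return one finding per <Location> block that serves server-status."""
    extended = False
    blocks = []
    current = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = _OPEN.match(line)
        if opened:
            current = {"path": opened.group(1), "handler": False,
                       "deny_all": False, "allow_all": False, "require": []}
            continue
        if _CLOSE.match(line):
            if current is not None and current["handler"]:
                blocks.append(current)
            current = None
            continue
        words = line.split()
        name, args = words[0].lower(), [w.lower() for w in words[1:]]
        if name == "extendedstatus":
            extended = args[:1] == ["on"]
        elif current is not None:
            if name == "sethandler" and args[:1] == ["server-status"]:
                current["handler"] = True
            elif name == "deny" and args == ["from", "all"]:
                current["deny_all"] = True
            elif name == "allow" and args == ["from", "all"]:
                current["allow_all"] = True
            elif name == "require":
                current["require"].append(args)

    findings = []
    for block in blocks:
        public = not _is_restricted(block)
        findings.append({
            "path": block["path"],
            "public": public,
            "extended_status": extended,
            # Both conditions named in the advisory text for CVE-2006-5752.
            "at_risk": public and extended,
        })
    return findings


if __name__ == "__main__":
    for label, conf in (("exposed", EXPOSED_CONF), ("restricted", RESTRICTED_CONF)):
        for finding in audit_mod_status(conf):
            print(label, finding)
```

A finding with `public` set is worth fixing even when `at_risk` is false, since the advisory calls keeping the status page non-public best practice.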
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
245111 - CVE-2007-3304 httpd scoreboard lack of PID protection
245112 - CVE-2006-5752 httpd mod_status XSS
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/apache-1.3.27-12.ent.src.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/apache-1.3.27-12.ent.src.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/apache-1.3.27-12.ent.src.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/apache-1.3.27-12.ent.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2007:0534-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0534.html
Issue date: 2007-06-26
Updated on: 2007-06-26
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-5752 CVE-2007-1863
---------------------------------------------------------------------
1. Summary:
Updated Apache httpd packages that correct two security issues are now
available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The Apache HTTP Server is a popular Web server.
A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and it is
best practice to not make this publicly available. (CVE-2006-5752)
A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)
Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
244658 - CVE-2007-1863 httpd mod_cache segfault
245112 - CVE-2006-5752 httpd mod_status XSS
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-32.2.ent.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-32.2.ent.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-32.2.ent.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-32.2.ent.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2007:0556-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0556.html
Issue date: 2007-06-26
Updated on: 2007-06-26
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-5752 CVE-2007-1863 CVE-2007-3304
---------------------------------------------------------------------
1. Summary:
Updated Apache httpd packages that correct three security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
The Apache HTTP Server is a popular Web server.
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service (CVE-2007-3304). This issue is not exploitable on Red Hat
Enterprise Linux 5 if using the default SELinux targeted policy.
A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and it is
best practice to not make this publicly available. (CVE-2006-5752)
A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)
Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
244658 - CVE-2007-1863 httpd mod_cache segfault
245111 - CVE-2007-3304 httpd scoreboard lack of PID protection
245112 - CVE-2006-5752 httpd mod_status XSS
6. RPMs required:
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-7.el5.src.rpm
RHEL Desktop Workstation (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-7.el5.src.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-7.el5.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2007:0533-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0533.html
Issue date: 2007-06-27
Updated on: 2007-06-27
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-5752 CVE-2007-1863
---------------------------------------------------------------------
1. Summary:
Updated Apache httpd packages that correct two security issues and two bugs
are now available for Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
The Apache HTTP Server is a popular Web server.
A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and it is
best practice to not make this publicly available. (CVE-2006-5752)
A flaw was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)
In addition, two bugs were fixed:
* when the ProxyErrorOverride directive was enabled, responses with 3xx
status-codes would be overridden at the proxy. This has been changed so that
only 4xx and 5xx responses are overridden.
* the "ProxyTimeout" directive was not inherited across virtual host
definitions.
Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
244638 - Reverse Proxy Unexpected Timeout
244639 - Mod_proxy_http ProxyErrorOverride eating cookies
244658 - CVE-2007-1863 httpd mod_cache segfault
245112 - CVE-2006-5752 httpd mod_status XSS
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-67.ent.src.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-67.ent.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-67.ent.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-67.ent.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2007:0557-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0557.html
Issue date: 2007-07-13
Updated on: 2007-07-13
Product: Red Hat Application Stack
CVE Names: CVE-2006-5752 CVE-2007-1863 CVE-2007-3304
- - ---------------------------------------------------------------------
1. Summary:
Updated Apache httpd packages that correct two security issues are now
available for Red Hat Application Stack.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64
3. Problem description:
The Apache HTTP Server is a popular Web server.
A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled, this flaw could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux, the server-status page is not enabled by default and it
is best practice to not make this publicly available. (CVE-2006-5752)
A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service. (CVE-2007-3304)
Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
244658 - CVE-2007-1863 httpd mod_cache segfault
245112 - CVE-2006-5752 httpd mod_status XSS
6. RPMs required:
Red Hat Application Stack v1 for Enterprise Linux AS (v.4):
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/httpd-2.0.59-1.el4s1.7.src.rpm
Red Hat Application Stack v1 for Enterprise Linux ES (v.4):
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/httpd-2.0.59-1.el4s1.7.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGlyw9XlSAg2UNWIIRAlmsAKCgFiBOqda2VjFYxJTQxY+/mWQuXwCghJ9p
4TvGhz6dYnBUWDCLtzYf0ds=
=WkE5
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2007:0662-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0662.html
Issue date: 2007-07-13
Updated on: 2007-07-13
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3304
- - ---------------------------------------------------------------------
1. Summary:
Updated Apache httpd packages that correct a security issue are now
available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The Apache HTTP Server is a popular Web server.
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service. (CVE-2007-3304)
Users of httpd should upgrade to these updated packages, which contain
backported patches to correct this issue. Users should restart Apache
after installing this update.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
245111 - CVE-2007-3304 httpd scoreboard lack of PID protection
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-32.3.ent.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-32.3.ent.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-32.3.ent.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-32.3.ent.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGlzHyXlSAg2UNWIIRAiB3AKCRf+MAPjGBveIANDueO2oYfrrluwCfVXBq
u4aaozmmRnyJBnRx0AQXeMg=
=JYjx
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRpsMXyh9+71yA2DNAQKqTgP+JqiYNLHm+8RE4YeaiWVewpyXkSxfJ6K1
tjQ1mgzAjyheUjx20FzG9WdD8O811RQ14WcR3AKOqE0fuIBFIsRUEF+W17R96rMr
h6swD3IaAokaR6dnY95qfiCUZEdLOdy6o7g3D9ofL8xBzrOoC0Dcdw91ro1Cnj18
CZg9yrfSqP8=
=FLbt
-----END PGP SIGNATURE-----
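The included Red Hat advisory names the exposure condition for CVE-2006-5752 as a server-status page reachable by any client with ExtendedStatus enabled. The Python example below is added here and is not part of the bulletin or of Red Hat's or Apache's code; it statically checks an httpd configuration for that condition. Both sample configurations are constructed, and the check assumes Apache 2.0-style Order/Allow/Deny directives in a single file, with no Include handling or nested sections.

```python
import re

# Constructed sample configurations using Apache 2.0-style access directives.
EXPOSED_CONF = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order allow,deny
    Allow from all
</Location>
"""

RESTRICTED_CONF = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

SECTION_RE = re.compile(r"<(Location|Directory|Files)\s+([^>]*)>(.*?)</\1\s*>",
                        re.IGNORECASE | re.DOTALL)


def directives(text):
    """Yield (name, args) pairs, lower-cased, skipping comments and section tags."""
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith(("#", "<")):
            continue
        yield parts[0].lower(), (parts[1].strip().lower() if len(parts) > 1 else "")


def open_to_any_client(body):
    """Evaluate Order/Allow/Deny for a client that matches only 'from all'."""
    order, allow_all, deny_all = "deny,allow", False, False  # 2.0 default order
    for name, args in directives(body):
        if name == "order":
            order = args.replace(" ", "")
        elif name == "allow" and args.split() == ["from", "all"]:
            allow_all = True
        elif name == "deny" and args.split() == ["from", "all"]:
            deny_all = True
    if order == "deny,allow":            # allowed unless denied and not re-allowed
        return allow_all or not deny_all
    return allow_all and not deny_all    # allow,deny / mutual-failure: default deny


def audit_server_status(conf_text):
    """Return one finding per section that maps the server-status handler."""
    extended = False
    for name, args in directives(conf_text):
        if name == "extendedstatus":
            extended = (args == "on")    # last setting wins
    findings = []
    for _tag, target, body in SECTION_RE.findall(conf_text):
        if ("sethandler", "server-status") not in set(directives(body)):
            continue
        public = open_to_any_client(body)
        findings.append({
            "section": target.strip(),
            "public": public,
            "extended_status": extended,
            # Both conditions named in the advisory text must hold.
            "matches_advisory_condition": public and extended,
        })
    return findings


if __name__ == "__main__":
    for label, conf in (("exposed", EXPOSED_CONF), ("restricted", RESTRICTED_CONF)):
        print(label, audit_server_status(conf))
```

A clean result only means the configuration does not meet the stated exposure condition; the updated packages are still the fix.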