Date: 30 October 2000
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2000.317 -- RHSA-2000:095-02
Updated Secure Web Server packages now available
30 October 2000
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Red Hat Secure Web Server 3.2
Vendor: Red Hat
Operating System: Red Hat Linux
Platform: i386
Impact: Reduced Security
- --------------------------BEGIN INCLUDED TEXT--------------------
- ---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Updated Secure Web Server packages now available
Advisory ID: RHSA-2000:095-02
Issue date: 2000-10-26
Updated on: 2000-10-27
Product: Red Hat Secure Web Server
Keywords: mod_rewrite apache
Cross references: N/A
- ---------------------------------------------------------------------
1. Topic:
Updated Secure Web Server packages are now available for users of Secure
Web Server 3.2.
2. Relevant releases/architectures:
Red Hat Secure Web Server 3.2 - i386
3. Problem description:
Security bugs in versions of Apache prior to 1.3.14 also affect Secure Web
Server. A new release which incorporates 1.3.14 is now available.
4. Solution:
Some of these files are distributed in rhmask format and may only be used
by individuals who have purchased Red Hat Linux 6.2 Professional.
To produce installable RPM files from the rhmask files, retrieve the rhmask
files via ftp and type the following:
rhmask secureweb-3.2-12.i386.rpm secureweb-3.2.2-4.i386.rpm.rhmask
The original RPM is located only on your Secure Web Server CD, and cannot
be obtained via the Internet. Note: if you do not have the original RPM
located in the same directory as the rhmask file, you will need to prefix
the name of the RPM with the full path name to its location (i.e. on your
installation CD).
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM package.
To restart your Secure Web Server, type the following:
/etc/rc.d/init.d/httpsd restart
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
14147 - The conf directive "SSLOptions +StdEnvVars" for mod_ssl will cause every request to seg fault.
6. RPMs required:
Red Hat Secure Web Server 3.2:
i386:
ftp://updates.redhat.com/secureweb/3.2/i386/secureweb-3.2.2-4.i386.rpm.rhmask
ftp://updates.redhat.com/secureweb/3.2/i386/secureweb-devel-3.2.2-4.i386.rpm
ftp://updates.redhat.com/secureweb/3.2/i386/secureweb-manual-3.2.2-4.i386.rpm
sources:
ftp://updates.redhat.com/secureweb/3.2/SRPMS/secureweb-3.2.2-4.nosrc.rpm
7. Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
a533394b1954f9993b6dcce7469b52bd 3.2/SRPMS/secureweb-3.2.2-4.nosrc.rpm
49053e9a8e79abc362fcc1d3be4d3d88 3.2/i386/secureweb-3.2.2-4.i386.rpm.rhmask
d1002f61eef8a77373735ebb60d2d57c 3.2/i386/secureweb-devel-3.2.2-4.i386.rpm
67e1be0a09f2555e145441a9327d9be6 3.2/i386/secureweb-manual-3.2.2-4.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
N/A
Copyright(c) 2000 Red Hat, Inc.
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOlSNICh9+71yA2DNAQFH0wP/dRSlPAi5tUhH++EGWOgo1qxuelArvLUh
WXNyTBo4XrI0ibQhFLXNHnSj5zswbb6pPy86ukN7rBG1Dc5kexpzsofFSzvZuCY1
jbDZBP5sct+f6d+gAUA/xg/v+zbSO6MXi0jAlG/tIMH3g80VxLSiO2rH7jZlKtrq
kgqUcvUQcYI=
=U85/
-----END PGP SIGNATURE-----