Security bugfix for package Apache
Knowledgebase
(Last modified: 19JUN2002)
solutions Security bugfix for package Apache SuSE Linux Maintenance Web (5c07dee804dd971217d00b385e8c6a6c)
SuSE Linux Enterprise Server 7 for PowerPC
SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Enterprise Server 7 for IA64
SuSE Linux Enterprise Server 7 for S/390 and zSeries
SuSE Linux Connectivity Server
Package: apache
mod_ssl
Release: 20020619
Obsoletes: none
Previous versions of the Apache web server did not properly detect incorrectly encoded chunks, which caused a buffer overflow on the stack. On 32bit architectures, this overflow cannot be exploited to inject code into the
httpd
process and gain access to the machine, because the overflow will always result in a segmentation fault and the process will terminate.On 64bit architectures, it may be possible for an attacker to a exploit the buffer overflow to execute arbitary code with the privileges of the
httpd
process (user wwwrun
on SuSE Linux.)For additional information, please refer to
http://httpd.apache.org/info/security_bulletin_20020617.txt
rpm --nodeps -Fvh apache.rpm mod_ssl.rpm
If you have modified the configuration file
/etc/httpd/httpd.conf
, upgrading will backup this file to /etc/httpd/httpd.conf.rpmsave
. If this is the case, make sure to restore this backup file. Finally, restart the web server using/usr/sbin/rcapache restart
Download Source Packages
Download the source code of the patches for maintained products.
Disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.