
Security Advisory: Updated apache packages available

Advisory: RHSA-2001:126-29
Type: Security Advisory
Severity: N/A
Issued on: 2001-10-09
Last updated on: 2002-01-15
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1
Red Hat Linux 7.2
CVEs (cve.mitre.org): CVE-2001-0730
CVE-2001-0731

Details

Updated Apache packages are now available for Red Hat Linux 6.2, 7, 7.1,
and 7.2. These packages upgrade the Apache Web server to version 1.3.22,
which closes a potential security bug that would present clients with a
listing of the contents of a directory instead of the contents of an index
file or, in case of an error, the error message.

By using a carefully constructed HTTP request, a server with
mod_negotiation and either mod_dir or mod_autoindex loaded could be tricked
into displaying a listing of the contents of a directory, despite the
presence of an index file.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2001-0730 and CAN-2001-0731 to these issues.
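
The following check is an added example, not part of the Red Hat advisory: it reads an Apache 1.3 configuration for the precondition described above (mod_negotiation active together with mod_dir or mod_autoindex) and compares a supplied version against 1.3.22. The function names and both sample configurations are constructed for illustration, and modules compiled in statically without appearing in the configuration are not seen by it.

```shell
#!/bin/sh
# Added example (not Red Hat's code): flag hosts matching this advisory's
# precondition: mod_negotiation plus mod_dir or mod_autoindex, Apache < 1.3.22.

# active_modules CONF: list modules enabled by LoadModule/AddModule directives.
# ClearModuleList empties the active list; later AddModule lines re-enable.
active_modules() {
    sed 's/#.*//' "$1" | awk '
        { d = tolower($1) }
        d == "clearmodulelist" { split("", on) }
        d == "loadmodule" { n = $2; sub(/_module$/, "", n); on["mod_" n] = 1 }
        d == "addmodule"  { n = $2; sub(/\.c$/, "", n); on[n] = 1 }
        END { for (m in on) print m }' | sort
}

# version_lt A B: true when dotted version A is older than B.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# assess CONF VERSION: print exposed, patched, or not-applicable.
assess() {
    mods=$(active_modules "$1")
    printf '%s\n' "$mods" | grep -qx 'mod_negotiation' || { echo not-applicable; return 0; }
    printf '%s\n' "$mods" | grep -Eqx 'mod_(dir|autoindex)' || { echo not-applicable; return 0; }
    if version_lt "$2" 1.3.22; then echo exposed; else echo patched; fi
}

# Constructed sample configurations (not taken from any real host).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/stock.conf" <<'EOF'
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule autoindex_module   modules/mod_autoindex.so
ClearModuleList
AddModule mod_negotiation.c
AddModule mod_autoindex.c
EOF
cat > "$tmp/trimmed.conf" <<'EOF'
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module         modules/mod_dir.so
ClearModuleList
#AddModule mod_negotiation.c
AddModule mod_dir.c
EOF

assess "$tmp/stock.conf"   1.3.20   # module combination present, pre-fix version
assess "$tmp/stock.conf"   1.3.22   # same modules, fixed version
assess "$tmp/trimmed.conf" 1.3.20   # mod_negotiation not re-enabled
```

On a host that installs Apache from these packages, the version argument can be taken from `rpm -q --qf '%{VERSION}\n' apache`.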


Solution

Note: The updated apache (and apache-devel) packages for Red Hat Linux 7,
7.1, and 7.2 require installation of mm and expat (as well as mm-devel and
expat-devel for apache-devel). Because mm and expat were not previously
released for Red Hat Linux 7, and mm was not previously released for Red
Hat Linux 7.1, they will need to be installed either simultaneously with or
before the apache packages.

Before applying this update, make sure all previously released errata
relevant to your system have been applied. Users of Red Hat Linux 7 and
7.1 will find that the mod_bandwidth, mod_put, and mod_throttle packages
are now built as separate packages, and that they will need to manually
install these packages as well.

To update all other RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Users of Red Hat Linux 7 will find that these updates enable the suexec
feature by default, which was not the case in previous versions of this
package. Administrators who have configured their servers to run CGI
scripts from user home directories should read the suexec documentation
included in the apache-manual package.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2

SRPMS:
apache-1.3.22-0.6.src.rpm
File outdated by:  RHSA-2002:222
 
Alpha:
apache-1.3.22-0.6.alpha.rpm
File outdated by:  RHSA-2002:222
apache-devel-1.3.22-0.6.alpha.rpm
File outdated by:  RHSA-2002:222
apache-manual-1.3.22-0.6.alpha.rpm
File outdated by:  RHSA-2002:222
 
IA-32:
apache-1.3.22-0.6.i386.rpm
File outdated by:  RHSA-2002:222
apache-devel-1.3.22-0.6.i386.rpm
File outdated by:  RHSA-2002:222
apache-manual-1.3.22-0.6.i386.rpm
File outdated by:  RHSA-2002:222
 
Sparc:
apache-1.3.22-0.6.sparc.rpm
File outdated by:  RHSA-2002:222
apache-devel-1.3.22-0.6.sparc.rpm
File outdated by:  RHSA-2002:222
apache-manual-1.3.22-0.6.sparc.rpm
File outdated by:  RHSA-2002:222
 
Red Hat Linux 7.0

SRPMS:
apache-1.3.22-1.7.1.src.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/expat/1.95.1-1/SRPMS/expat-1.95.1-1.src.rpm
Missing file
mm-1.1.3-2.src.rpm
File outdated by:  RHBA-2002:273
ftp://updates.redhat.com/rhn/repository/NULL/mod_bandwidth/2.0.3-2/SRPMS/mod_bandwidth-2.0.3-2.src.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/mod_put/1.3-2/SRPMS/mod_put-1.3-2.src.rpm
Missing file
mod_ssl-2.8.5-0.7.src.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/mod_throttle/3.1.2-3/SRPMS/mod_throttle-3.1.2-3.src.rpm
Missing file
 
Alpha:
apache-1.3.22-1.7.1.alpha.rpm
File outdated by:  RHSA-2002:222
apache-devel-1.3.22-1.7.1.alpha.rpm
File outdated by:  RHSA-2002:222
apache-manual-1.3.22-1.7.1.alpha.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/expat/1.95.1-1/alpha/expat-1.95.1-1.alpha.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/expat-devel/1.95.1-1/alpha/expat-devel-1.95.1-1.alpha.rpm
Missing file
mm-1.1.3-2.alpha.rpm
File outdated by:  RHBA-2002:273
mm-devel-1.1.3-2.alpha.rpm
File outdated by:  RHBA-2002:273
ftp://updates.redhat.com/rhn/repository/NULL/mod_bandwidth/2.0.3-2/alpha/mod_bandwidth-2.0.3-2.alpha.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/mod_put/1.3-2/alpha/mod_put-1.3-2.alpha.rpm
Missing file
mod_ssl-2.8.5-0.7.alpha.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/mod_throttle/3.1.2-3/alpha/mod_throttle-3.1.2-3.alpha.rpm
Missing file
 
IA-32:
apache-1.3.22-1.7.1.i386.rpm
File outdated by:  RHSA-2002:222
apache-devel-1.3.22-1.7.1.i386.rpm
File outdated by:  RHSA-2002:222
apache-manual-1.3.22-1.7.1.i386.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/expat/1.95.1-1/i386/expat-1.95.1-1.i386.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/expat-devel/1.95.1-1/i386/expat-devel-1.95.1-1.i386.rpm
Missing file
mm-1.1.3-2.i386.rpm
File outdated by:  RHBA-2002:273
mm-devel-1.1.3-2.i386.rpm
File outdated by:  RHBA-2002:273
ftp://updates.redhat.com/rhn/repository/NULL/mod_bandwidth/2.0.3-2/i386/mod_bandwidth-2.0.3-2.i386.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/mod_put/1.3-2/i386/mod_put-1.3-2.i386.rpm
Missing file
mod_ssl-2.8.5-0.7.i386.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/mod_throttle/3.1.2-3/i386/mod_throttle-3.1.2-3.i386.rpm
Missing file
 
Red Hat Linux 7.1

SRPMS:
apache-1.3.22-1.7.1.src.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/expat/1.95.1-1/SRPMS/expat-1.95.1-1.src.rpm
Missing file
mm-1.1.3-2.src.rpm
File outdated by:  RHBA-2002:273
ftp://updates.redhat.com/rhn/repository/NULL/mod_bandwidth/2.0.3-2/SRPMS/mod_bandwidth-2.0.3-2.src.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/mod_put/1.3-2/SRPMS/mod_put-1.3-2.src.rpm
Missing file
mod_ssl-2.8.5-0.7.src.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/mod_throttle/3.1.2-3/SRPMS/mod_throttle-3.1.2-3.src.rpm
Missing file
 
Alpha:
apache-1.3.22-1.7.1.alpha.rpm
File outdated by:  RHSA-2002:222
apache-devel-1.3.22-1.7.1.alpha.rpm
File outdated by:  RHSA-2002:222
apache-manual-1.3.22-1.7.1.alpha.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/expat/1.95.1-1/alpha/expat-1.95.1-1.alpha.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/expat-devel/1.95.1-1/alpha/expat-devel-1.95.1-1.alpha.rpm
Missing file
mm-1.1.3-2.alpha.rpm
File outdated by:  RHBA-2002:273
mm-devel-1.1.3-2.alpha.rpm
File outdated by:  RHBA-2002:273
ftp://updates.redhat.com/rhn/repository/NULL/mod_bandwidth/2.0.3-2/alpha/mod_bandwidth-2.0.3-2.alpha.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/mod_put/1.3-2/alpha/mod_put-1.3-2.alpha.rpm
Missing file
mod_ssl-2.8.5-0.7.alpha.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/mod_throttle/3.1.2-3/alpha/mod_throttle-3.1.2-3.alpha.rpm
Missing file
 
IA-32:
apache-1.3.22-1.7.1.i386.rpm
File outdated by:  RHSA-2003:405
apache-devel-1.3.22-1.7.1.i386.rpm
File outdated by:  RHSA-2003:405
apache-manual-1.3.22-1.7.1.i386.rpm
File outdated by:  RHSA-2003:405
ftp://updates.redhat.com/rhn/repository/NULL/expat/1.95.1-1/i386/expat-1.95.1-1.i386.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/expat-devel/1.95.1-1/i386/expat-devel-1.95.1-1.i386.rpm
Missing file
mm-1.1.3-2.i386.rpm
File outdated by:  RHBA-2002:273
mm-devel-1.1.3-2.i386.rpm
File outdated by:  RHBA-2002:273
ftp://updates.redhat.com/rhn/repository/NULL/mod_bandwidth/2.0.3-2/i386/mod_bandwidth-2.0.3-2.i386.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/mod_put/1.3-2/i386/mod_put-1.3-2.i386.rpm
Missing file
mod_ssl-2.8.5-0.7.i386.rpm
File outdated by:  RHSA-2003:243
ftp://updates.redhat.com/rhn/repository/NULL/mod_throttle/3.1.2-3/i386/mod_throttle-3.1.2-3.i386.rpm
Missing file
 
IA-64:
apache-1.3.22-1.7.1.ia64.rpm
File outdated by:  RHSA-2002:222
apache-devel-1.3.22-1.7.1.ia64.rpm
File outdated by:  RHSA-2002:222
apache-manual-1.3.22-1.7.1.ia64.rpm
File outdated by:  RHSA-2002:222
mm-1.1.3-2.ia64.rpm
File outdated by:  RHBA-2002:273
mm-devel-1.1.3-2.ia64.rpm
File outdated by:  RHBA-2002:273
ftp://updates.redhat.com/rhn/repository/NULL/mod_bandwidth/2.0.3-2/ia64/mod_bandwidth-2.0.3-2.ia64.rpm
Missing file
ftp://updates.redhat.com/rhn/repository/NULL/mod_put/1.3-2/ia64/mod_put-1.3-2.ia64.rpm
Missing file
mod_ssl-2.8.5-0.7.ia64.rpm
File outdated by:  RHSA-2002:222
ftp://updates.redhat.com/rhn/repository/NULL/mod_throttle/3.1.2-3/ia64/mod_throttle-3.1.2-3.ia64.rpm
Missing file
 
Red Hat Linux 7.2

SRPMS:
apache-1.3.22-2.src.rpm
File outdated by:  RHSA-2002:103
mod_ssl-2.8.5-1.src.rpm
File outdated by:  RHSA-2003:243
 
IA-32:
apache-1.3.22-2.i386.rpm
File outdated by:  RHSA-2003:405
apache-devel-1.3.22-2.i386.rpm
File outdated by:  RHSA-2003:405
apache-manual-1.3.22-2.i386.rpm
File outdated by:  RHSA-2003:405
mod_ssl-2.8.5-1.i386.rpm
File outdated by:  RHSA-2003:243
 
s390:
apache-1.3.22-2.s390.rpm
File outdated by:  RHSA-2002:103
apache-devel-1.3.22-2.s390.rpm
File outdated by:  RHSA-2002:103
apache-manual-1.3.22-2.s390.rpm
File outdated by:  RHSA-2002:103
ftp://updates.redhat.com/rhn/repository/NULL/mod_ssl/2.8.5-1/s390/mod_ssl-2.8.5-1.s390.rpm
Missing file
 

Bugs fixed (see bugzilla for more information)

34772 - Apache 1.3.14 breaks byterange functionality (hinders serving of PDFs)


Keywords

apache, directory, listing


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/