5649765 2000-10-27 22:53 /102 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <13483>
Ärende: [RHSA-2000:095-02] Updated Secure Web Server packages now
------------------------------------------------------------
available
From: bugzilla@REDHAT.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <200010271647.e9RGlmM28560@porkchop.redhat.com>
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Updated Secure Web Server packages now available
Advisory ID: RHSA-2000:095-02
Issue date: 2000-10-26
Updated on: 2000-10-27
Product: Red Hat Secure Web Server
Keywords: mod_rewrite apache
Cross references: N/A
---------------------------------------------------------------------
1. Topic:
Updated Secure Web Server packages are now available for users of
Secure Web Server 3.2.
2. Relevant releases/architectures:
Red Hat Secure Web Server 3.2 - i386
3. Problem description:
Security bugs in versions of Apache prior to 1.3.14 also affect
Secure Web Server. A new release which incorporates 1.3.14 is now
available.
4. Solution:
Some of these files are distributed in rhmask format and may only be
used by individuals who have purchased Red Hat Linux 6.2 Professional.
To produce installable RPM files from the rhmask files, retrieve the
rhmask files via ftp and type the following:
rhmask secureweb-3.2-12.i386.rpm secureweb-3.2.2-4.i386.rpm.rhmask
The original RPM is located only on your Secure Web Server CD, and
cannot be obtained via the Internet. Note: if you do not have the
original RPM located in the same directory as the rhmask file, you
will need to prefix the name of the RPM with the full path name to
its location (i.e. on your installation CD).
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM package.
To restart your Secure Web Server, type the following:
/etc/rc.d/init.d/httpsd restart
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
14147 - The conf directive "SSLOptions +StdEnvVars" for mod_ssl will
cause every request to seg fault.
6. RPMs required:
Red Hat Secure Web Server 3.2:
i386:
ftp://updates.redhat.com/secureweb/3.2/i386/secureweb-3.2.2-4.i386.rpm.rhmask
ftp://updates.redhat.com/secureweb/3.2/i386/secureweb-devel-3.2.2-4.i386.rpm
ftp://updates.redhat.com/secureweb/3.2/i386/secureweb-manual-3.2.2-4.i386.rpm
sources:
ftp://updates.redhat.com/secureweb/3.2/SRPMS/secureweb-3.2.2-4.nosrc.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
a533394b1954f9993b6dcce7469b52bd 3.2/SRPMS/secureweb-3.2.2-4.nosrc.rpm
49053e9a8e79abc362fcc1d3be4d3d88 3.2/i386/secureweb-3.2.2-4.i386.rpm.rhmask
d1002f61eef8a77373735ebb60d2d57c 3.2/i386/secureweb-devel-3.2.2-4.i386.rpm
67e1be0a09f2555e145441a9327d9be6 3.2/i386/secureweb-manual-3.2.2-4.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
N/A
Copyright(c) 2000 Red Hat, Inc.
(5649765) ------------------------------------------(Ombruten)