Description:
The remote host is missing updates announced in advisory CLA-2003:632.
Apache[1] is the most popular webserver in use today.
This update fixes two security vulnerabilities:
1. Denial of service (CVE-2003-0132)[3]
David Endler from iDefense reported[2] a denial of service condition in the Apache 2.0 branch that affects all unpatched servers up to and including version 2.0.44.
There is a memory leak in these Apache versions which can be remotely triggered by sending large chunks of consecutive linefeed characters. Each linefeed will cause the server to allocate 80 bytes of memory.
A remote attacker can keep sending these simple requests until the server's memory is exhausted.
2. File descriptor leak[5]
Christian Kratzer and Bjoern A. Zeeb identified several file descriptor leaks to child processes, such as CGI scripts, which could constitute a security threat on servers that run untrusted CGI scripts.
The Apache HTTP Server Project released[4] Apache version 2.0.45 to address these issues, and this is the version provided via this update.
Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:632
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003
Risk factor : Medium
CVSS Score: 5.0