C-Note-04-014: Apache 2.0.51 Released - 09/15/04 (revised 12/06/04)
Apache has announced a new release, 2.0.51, which consists primarily of bug fixes. This release is compatible with modules compiled for 2.0.42 and later versions. Apache encourages users of all prior versions to upgrade. It also addresses the five security vulnerabilities outlined below:

An input validation issue in IPv6 literal address parsing which can result in a negative length parameter being passed to memcpy. [CAN-2004-0786]

A buffer overflow in configuration file parsing could allow a local user to gain the privileges of an httpd child if the server can be forced to parse a carefully crafted .htaccess file. [CAN-2004-0747]

A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. [CAN-2004-0751]

A potential infinite loop in mod_ssl which could be triggered given particular timing of a connection abort. [CAN-2004-0748]

A segfault in mod_dav_fs which can be remotely triggered by an indirect lock refresh request. [CAN-2004-0809]
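Because the note's remediation is simply "upgrade to 2.0.51", the practical check an administrator wants is whether a given 2.0.x install is still below the fixed release and whether its existing modules (built for 2.0.42 or later) will survive the upgrade. The script below is an added example, not part of this CIAC note or of the Apache project; it assumes the first line of `httpd -v` output has the form "Server version: Apache/X.Y.Z (platform)", and the sample text it parses is constructed, not captured from a real host.

```python
import re

# Constructed sample of what `httpd -v` prints (assumed format); not real output.
SAMPLE_HTTPD_V = (
    "Server version: Apache/2.0.50 (Unix)\n"
    "Server built:   Jun 30 2004 12:00:00\n"
)

FIXED_VERSION = (2, 0, 51)    # release that addresses CAN-2004-0786/0747/0751/0748/0809
MODULE_ABI_BASE = (2, 0, 42)  # modules compiled for this or later stay compatible

VERSION_RE = re.compile(r"Server version:\s*Apache/(\d+)\.(\d+)\.(\d+)")


def parse_version(httpd_v_output):
    """Extract (major, minor, patch) from `httpd -v` style output."""
    m = VERSION_RE.search(httpd_v_output)
    if not m:
        raise ValueError("no Apache version found in the supplied output")
    return tuple(int(x) for x in m.groups())


def assess(version):
    """Classify a 2.0.x install against this note.

    Returns a dict with:
      covered            - True only for the 2.0.x branch this note is about
      needs_upgrade      - True when the install predates 2.0.51
      modules_compatible - True when existing modules (>= 2.0.42) can be kept
    """
    covered = version[:2] == (2, 0)
    return {
        "covered": covered,
        "needs_upgrade": covered and version < FIXED_VERSION,
        "modules_compatible": covered and version >= MODULE_ABI_BASE,
    }


def check_output(httpd_v_output):
    """Parse the output and return the assessment in one step."""
    return assess(parse_version(httpd_v_output))


if __name__ == "__main__":
    result = check_output(SAMPLE_HTTPD_V)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Tuple comparison gives correct ordering for dotted versions (2.0.9 sorts below 2.0.51), which a plain string comparison would get wrong; an install on another branch is reported as not covered rather than silently passed.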

The original Apache Announcement may be found at: http://www.apache.org/dist/httpd/Announcement2.html
CIAC would like to thank The Apache Project for this information.

For additional information, please see the following websites:

Red Hat Security Advisory RHSA-2004:463-09

Debian Security Advisory DSA-558-1 libapache-mod-dav -- null pointer dereference http://www.debian.org/security/2004/dsa-558
(added 10/06/04)

HP Security Bulletin HPSBUX01090 rev. 0 / SSRT4853 rev. 0 HP-UX Apache with PHP remote Denial of Service, local elevation of privileges, unauthorized access to restricted resources.
(Access the bulletin using HP's subscription service: http://r.your.hp.com/r/c/r?1.1.HX.Dc.148YX9.BudUXO...ClDA.1GWW.2ytX9o )
(added 10/28/04)

HP Security Bulletin HPSBGN01091 rev. 0 / SSRT4812, SSRT4832 rev.0 HP Tru64 IX (Internet Express) PHP / Apache Multiple Local and Remote Unauthorized Access
(Access the bulletin using HP's subscription service: http://r.your.hp.com/r/c/r?1.1.HX.Dc.148YX9.Bv34Lo...ClJK.1GXg.2r719M )
(added 10/29/04)

Apple's Security Update 2004-12-02
(added 12/06/04)