3869 – Bug in Apache.Need the new ebuild (1.3.26 )

Bug 3869 - Bug in Apache.Need the new ebuild (1.3.26 )

Summary: Bug in Apache.Need the new ebuild (1.3.26 )

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High major
Assignee:	Nicholas Jones (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-06-18 20:48 UTC by Francisco Gimeno
Modified:	2002-06-23 19:10 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Francisco Gimeno 2002-06-18 20:48:40 UTC

Hi.    
    
It just has been released the new version of apache web server that fixs the    
chunk bug..    
From the web...    
-----------    
"In most cases the outcome of the invalid request is that the child process    
dealing with the request will terminate. At the least, this could help a remote    
attacker launch a denial of service attack as the parent process will    
eventually have to replace the terminated child process, and starting new    
children uses non-trivial amounts of resources.    
    
    
We were also notified today by ISS that they had published the same issue which    
has forced the early release of this advisory. Please note that the patch    
provided by ISS does not correct this vulnerability.    
    
    
The Apache Software Foundation has released versions 1.3.26 and 2.0.39 to    
address and fix this issue. These version are available for download; see    
below."    
--------    
So, the ISS patch doesn't work... What about trying the 1.3.26 ?    
    
Slt... Thx ;)   
  
PS: excuseme Carpaski and woodchip, but you are who better know the BIGGG 
apache ebuild.