| Summary: | net-www/apache Possible DoS (CVE-2005-3357) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | apache-bugs |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://issues.apache.org/bugzilla/show_bug.cgi?id=37791 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-12-12 10:15:53 UTC
Apache herd, please advise/patch?

Looks like we need this patch to fix the problem: http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=354394&view=diff&r1=354394&r2=354393&p1=httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c&p2=/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Best regards, Stu

The supplied patch is for the apache trunk and won't apply correctly to 2.0.55. We need a backport from upstream unless someone more knowledgeable in C/C++ wants to step up to the plate. Given the very specific nature of this vulnerability I would wait for an upstream release to pick it up.

Backports at: http://issues.apache.org/bugzilla/show_bug.cgi?id=37791#c3

This should be grouped with bug 118875 for a common GLSA.

Fixed in CVS. See bug 118875.

See stable marking handled on bug 118875.

Common GLSA with bug 118875.

GLSA 200602-03

Apache, note that new old style versions might be flagged as vulnerable by this GLSA. So we have to update it if you put out new versions.