-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                ESB-2006.0567 -- [Win][UNIX/Linux][RedHat]
                          apache security update
                              21 August 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Apache 2.2.1 and prior
                      Apache 2.0.56 and prior
                      Apache 1.3.34 and prior
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux AS/ES/WS 2.1
                      UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Cross-site Scripting
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-3918

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running Apache check for an updated version of the software for
         their operating system.

Revision History:  August 21 2006: Added bulletin for Red Hat versions 3 and 4
                   August  9 2006: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: apache security update
Advisory ID:       RHSA-2006:0618-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0618.html
Issue date:        2006-08-08
Updated on:        2006-08-08
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-3918 
- - ---------------------------------------------------------------------

1. Summary:

Updated Apache httpd packages that correct a security issue are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Apache HTTP Server is a popular Web server available for free. 

A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header. (CVE-2006-3918)

While a web browser cannot be forced to send an arbitrary Expect header by
a third-party attacker, it was recently discovered that certain versions of
the Flash plugin can manipulate request headers. If users running such
versions can be persuaded to load a web page with a malicious Flash applet,
a cross-site scripting attack against the server may be possible.

Users of Apache should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

200738 - CVE-2006-3918 Expect header XSS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/apache-1.3.27-11.ent.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/apache-1.3.27-11.ent.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/apache-1.3.27-11.ent.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/apache-1.3.27-11.ent.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFE2PfuXlSAg2UNWIIRAlfWAJ9ujIHBO8zJ0lrKmAiWJmdm8v2+bACZAUBJ
8VdBul6wLL8Esi3p9zZHhXU=
=cPnC
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2006:0619-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0619.html
Issue date:        2006-08-10
Updated on:        2006-08-10
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-3918 
- - ---------------------------------------------------------------------

1. Summary:

Updated Apache httpd packages that correct security issues and resolve bugs
are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular Web server available for free.

A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message.  This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header.  (CVE-2006-3918)

While a web browser cannot be forced to send an arbitrary Expect
header by a third-party attacker, it was recently discovered that
certain versions of the Flash plugin can manipulate request headers.
If users running such versions can be persuaded to load a web page
with a malicious Flash applet, a cross-site scripting attack against
the server may be possible.

On Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in
the handling of malformed Expect headers, the page produced by the
cross-site scripting attack will only be returned after a timeout expires
(2-5 minutes by default) if not first canceled by the user.

Users of httpd should update to these erratum packages, which contain a
backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

200732 - CVE-2006-3918 Expect header XSS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-61.ent.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-61.ent.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-61.ent.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-61.ent.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-28.ent.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-28.ent.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-28.ent.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-28.ent.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFE26cHXlSAg2UNWIIRAjpYAJ0UEAHLvxemCtk3j5E1qvTK4J8yKQCdHjVw
3UtrXb7F/zzzTBDNYJfMflY=
=ZIj0
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
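
The bug class both advisories above describe, an Expect header value echoed into an error page without escaping, shown beside the escaped form. This is an added illustration in C, not Apache's or Red Hat's code; the function names, the error-page wording and the sample header value are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample header value; harmless markup stands in for attacker input. */
static const char SAMPLE_EXPECT[] = "<i>constructed</i> & \"quoted\"";

/* Copy src into dst, replacing HTML-significant characters with entities.
 * Returns the escaped length, or -1 if dst (cap bytes) is too small. */
static int html_escape(const char *src, char *dst, size_t cap)
{
    size_t n = 0;

    if (cap == 0)
        return -1;
    for (; *src != '\0'; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        size_t len;

        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   break;
        }
        len = strlen(rep);
        if (n + len >= cap)
            return -1;              /* refuse to truncate mid-entity */
        memcpy(dst + n, rep, len);
        n += len;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Unfixed pattern: the header value is placed in the HTML body verbatim,
 * so any markup in it becomes part of the page. Hypothetical wording. */
static int error_body_unescaped(const char *expect, char *out, size_t cap)
{
    int n = snprintf(out, cap, "<p>Expectation failed: Expect: %s</p>", expect);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Corrected pattern: escape before output; if the value does not fit the
 * scratch buffer, report the error without echoing the value at all. */
static int error_body_escaped(const char *expect, char *out, size_t cap)
{
    char safe[256];
    int n;

    if (html_escape(expect, safe, sizeof safe) < 0)
        n = snprintf(out, cap, "<p>Expectation failed.</p>");
    else
        n = snprintf(out, cap, "<p>Expectation failed: Expect: %s</p>", safe);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char body[512];

    if (error_body_unescaped(SAMPLE_EXPECT, body, sizeof body) > 0)
        printf("unescaped: %s\n", body);
    if (error_body_escaped(SAMPLE_EXPECT, body, sizeof body) > 0)
        printf("escaped:   %s\n", body);
    return 0;
}
```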

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBROj0Jih9+71yA2DNAQLl2wP+OUzZ122fO4z2hsXCNSIIRaQHHf1yrYHi
DepGLasLs/S/KF1OoXJoW90+iqhXJJa/D0oXEZN9UO+T5N8b6bVddkqOU8zufSQ1
+wh+fWFNtprDdiYBpbksV1lDzSNPI7eOg5j1CcsRlejikfNjnjM+IVqEJJRDKcFv
ZK16rbQNba0=
=G6av
-----END PGP SIGNATURE-----