-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

             ESB-2006.0567 -- [Win][UNIX/Linux][RedHat]
                          apache security update
                              21 August 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Apache 2.2.1 and prior
                      Apache 2.0.56 and prior
                      Apache 1.3.34 and prior
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux AS/ES/WS 2.1
                      UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Cross-site Scripting
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-3918

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running Apache check for an updated version of the software for
         their operating system.

Revision History: August 21 2006: Added bulletin for Red Hat versions 3 and 4
                  August 9 2006: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: apache security update
Advisory ID:       RHSA-2006:0618-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0618.html
Issue date:        2006-08-08
Updated on:        2006-08-08
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-3918
- - ---------------------------------------------------------------------

1. Summary:

Updated Apache httpd packages that correct a security issue are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Apache HTTP Server is a popular Web server available for free.

A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header. (CVE-2006-3918)

While a web browser cannot be forced to send an arbitrary Expect header by
a third-party attacker, it was recently discovered that certain versions of
the Flash plugin can manipulate request headers. If users running such
versions can be persuaded to load a web page with a malicious Flash applet,
a cross-site scripting attack against the server may be possible.

Users of Apache should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

200738 - CVE-2006-3918 Expect header XSS

6.
RPMs required:

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFE2PfuXlSAg2UNWIIRAlfWAJ9ujIHBO8zJ0lrKmAiWJmdm8v2+bACZAUBJ
8VdBul6wLL8Esi3p9zZHhXU=
=cPnC
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2006:0619-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0619.html
Issue date:        2006-08-10
Updated on:        2006-08-10
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-3918
- - ---------------------------------------------------------------------

1. Summary:

Updated Apache httpd packages that correct security issues and resolve bugs
are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular Web server available for free.

A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header. (CVE-2006-3918)

While a web browser cannot be forced to send an arbitrary Expect header by
a third-party attacker, it was recently discovered that certain versions of
the Flash plugin can manipulate request headers. If users running such
versions can be persuaded to load a web page with a malicious Flash applet,
a cross-site scripting attack against the server may be possible.

On Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in
the handling of malformed Expect headers, the page produced by the
cross-site scripting attack will only be returned after a timeout expires
(2-5 minutes by default) if not first canceled by the user.

Users of httpd should update to these erratum packages, which contain a
backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

200732 - CVE-2006-3918 Expect header XSS

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFE26cHXlSAg2UNWIIRAjpYAJ0UEAHLvxemCtk3j5E1qvTK4J8yKQCdHjVw
3UtrXb7F/zzzTBDNYJfMflY=
=ZIj0
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBROj0Jih9+71yA2DNAQLl2wP+OUzZ122fO4z2hsXCNSIIRaQHHf1yrYHi
DepGLasLs/S/KF1OoXJoW90+iqhXJJa/D0oXEZN9UO+T5N8b6bVddkqOU8zufSQ1
+wh+fWFNtprDdiYBpbksV1lDzSNPI7eOg5j1CcsRlejikfNjnjM+IVqEJJRDKcFv
ZK16rbQNba0=
=G6av
-----END PGP SIGNATURE-----
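
The flaw both advisories describe is a request header value copied into an HTML error page without escaping. The following is an added example, not Apache's or Red Hat's code: the function names, the error-page text and the sample Expect value are all constructed for illustration, and it shows the unescaped "before" form beside the escaped form.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an Expect value carrying harmless markup. */
#define SAMPLE_EXPECT "100-continue<b>x</b>"

static char demo_out[512];   /* scratch buffer used by the demo */

/* Copy src to dst, replacing HTML metacharacters with entities.
 * Returns the escaped length, or -1 if dst (cap bytes) is too small. */
static int html_escape(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    if (cap == 0)
        return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = strlen(rep);
        if (n + len >= cap)
            return -1;
        memcpy(dst + n, rep, len);
        n += len;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Hypothetical error-page template; not Apache's actual message text. */
static int format_body(const char *shown, char *out, size_t cap)
{
    int n = snprintf(out, cap, "<p>Unsupported Expect header: %s</p>", shown);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Before: the request header value reaches the page unescaped. */
static int body_unescaped(const char *expect, char *out, size_t cap)
{
    return format_body(expect, out, cap);
}

/* After: escape first; if the value is too long, leave it out entirely. */
static int body_escaped(const char *expect, char *out, size_t cap)
{
    char safe[256];
    if (html_escape(expect, safe, sizeof safe) < 0)
        return format_body("(value omitted)", out, cap);
    return format_body(safe, out, cap);
}

int main(void)
{
    if (body_unescaped(SAMPLE_EXPECT, demo_out, sizeof demo_out) > 0)
        printf("unescaped: %s\n", demo_out);
    if (body_escaped(SAMPLE_EXPECT, demo_out, sizeof demo_out) > 0)
        printf("escaped:   %s\n", demo_out);
    return 0;
}
```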