-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-48 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 03 Oct 2007 Last revised: 03 Oct 2007 Package: httpd Summary: Two vulnerabilities discovered in httpd More information: Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet. Two vulnerabilities discovered in Prefork MPM module and mod_proxy of Apache. Impact: The apache allows remote attackers to cause a denial of service. Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux 10 Server Source Packages Size: MD5 httpd-2.0.51-31.src.rpm 6855852 5e15f368a01acdcaec6eeecd5507ee68 Binary Packages Size: MD5 httpd-2.0.51-31.i586.rpm 1033398 0b61e37f3c95fd62a4c8aa6a649b171c httpd-devel-2.0.51-31.i586.rpm 225082 e154451792e687efdf513437a1e372db httpd-manual-2.0.51-31.i586.rpm 1133024 0adca0eae0fef87be0a9b27b698d416a mod_bwshare-2.0.51-31.i586.rpm 41305 9ccaaa464e81125d927171ceff392c47 mod_ssl-2.0.51-31.i586.rpm 89332 fd7719c9b13160524e59243e4675b3fe Source Packages Size: MD5 httpd-2.0.54-18.src.rpm 7621925 3e36b703aa893fea34c6fa1db3f62be1 Binary Packages Size: MD5 httpd-2.0.54-18.i686.rpm 1266404 759cb33e7c76b0dc5f31f2593b12abd9 httpd-devel-2.0.54-18.i686.rpm 276455 897e97a0f109e4c370ddbdcd8db70eab Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/httpd-2.0.51-31.src.rpm 6855852 2b28fbb21daf65f69b40e4edeacb2403 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-2.0.51-31.x86_64.rpm 1143468 64cc6587894ae2dbc2d807b5c3a3caa5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-debug-2.0.51-31.x86_64.rpm 3532916 b35bb93842420fdde9f827bbe5d0f788 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-devel-2.0.51-31.x86_64.rpm 225032 ac8a2565d014b0b1e2d714e08f516695 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-manual-2.0.51-31.x86_64.rpm 1133254 1e326b60fe84ec8f51dd79e0581e9cd4 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_bwshare-2.0.51-31.x86_64.rpm 42070 4b0c28ee2020a9da2527cb8742bfd059 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_ssl-2.0.51-31.x86_64.rpm 96928 1b121ce5756373f7e38a7b0681f794c3 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-31.src.rpm 6855852 190979e0dc39abf9c50523398ac78697 Binary Packages Size: MD5 httpd-2.0.51-31.i586.rpm 1033398 0b61e37f3c95fd62a4c8aa6a649b171c httpd-debug-2.0.51-31.i586.rpm 3541629 dbc4fab6019ef41dbf4aaa6b2312638f httpd-devel-2.0.51-31.i586.rpm 225082 e154451792e687efdf513437a1e372db httpd-manual-2.0.51-31.i586.rpm 1133024 0adca0eae0fef87be0a9b27b698d416a mod_bwshare-2.0.51-31.i586.rpm 41305 9ccaaa464e81125d927171ceff392c47 mod_ssl-2.0.51-31.i586.rpm 89332 fd7719c9b13160524e59243e4675b3fe References: CVE [CVE-2007-3304] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [CVE-2007-3847] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 -------------------------------------------------------------------------- Revision History 03 Oct 2007 Initial release -------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHAwA4K0LzjOqIJMwRAu1dAJ4u+0AIWkszbPP6Q37J2hYnGxud4ACghB2f ovaD2pKs54LWd0OvmihclGQ= =IvLk -----END PGP SIGNATURE-----