AnNyung Official Homepage Home > Update [ 1.3 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



apache 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1184249637
업데이트 : 2007.07.12


상세내용

1.3.37-4 update

- add MaxClientServNum directive
- fixed CVE-2006-5752
- fixed CVE-2007-3304

CVE-2006-5752:
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status
module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a
public server-status page is used, allows remote attackers to inject arbitrary
web script or HTML via unspecified vectors involving charsets with browsers
that perform "charset detection" when the content-type is not specified. 

CVE-2007-3304:
Apache httpd 1.3.37, and 2.2.4 with the Prefork MPM module, allows local
users to cause a denial of service by modifying the worker_score and
process_score arrays to reference an arbitrary process ID, which is sent
a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." 


Autoupdates 지원 : Packages System
  pkgadd -F "apache*"


update 패키지

  RPMS :

    . apache-1.3.37-4.i686.rpm
    . apache-devel-1.3.37-4.i686.rpm

  SRPMS :

    . apache-1.3.37-4.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304



    



 Home > Update [ 1.3 ]

Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10