apache 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1184249637
업데이트 : 2007.07.12
상세내용
1.3.37-4 update
- add MaxClientServNum directive
- fixed CVE-2006-5752
- fixed CVE-2007-3304
CVE-2006-5752:
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status
module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a
public server-status page is used, allows remote attackers to inject arbitrary
web script or HTML via unspecified vectors involving charsets with browsers
that perform "charset detection" when the content-type is not specified.
CVE-2007-3304:
Apache httpd 1.3.37, and 2.2.4 with the Prefork MPM module, allows local
users to cause a denial of service by modifying the worker_score and
process_score arrays to reference an arbitrary process ID, which is sent
a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
Autoupdates 지원 : Packages System
pkgadd -F "apache*"
update 패키지
RPMS :
. apache-1.3.37-4.i686.rpm
. apache-devel-1.3.37-4.i686.rpm
SRPMS :
. apache-1.3.37-4.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
|