Security 10748 Published by

Red Hat has released an update for Apache 2.0.40 under Red Hat Linux 8.0 and 9



The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

A bug in Apache 2.0 through 2.0.45 allows remote attackers to cause a denial of service, and may allow execution of arbitrary code. This bug affects both Red Hat Linux 8.0 and 9. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0245 to
this issue.

A build system problem in Apache 2.0 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used. This bug affects only Red Hat Linux 9 when the threaded server "httpd.worker" has been configured, which is not the default. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0189 to this issue.

All users of the Apache HTTP Web Server are advised to upgrade to the applicable errata packages, which contain back-ported fixes correcting these issues, and applied to Apache version 2.0.40.

After the errata packages are installed, restart the Web service by running the following command:

/sbin/service httpd restart

Red Hat would like to thank iDefense who initially discovered CAN-2003-0245 and John Hughes for CAN-2003-0189.
Read more