Updated httpd packages that fix two security issues are now available for Red Hat Linux 8.0 and 9.

The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

A bug in Apache 2.0 through 2.0.45 allows remote attackers to cause a denial of service, and may allow execution of arbitrary code. This bug affects both Red Hat Linux 8.0 and 9. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0245 to this issue.

A build system problem in Apache 2.0 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used. This bug affects only Red Hat Linux 9 when the threaded server "httpd.worker" has been configured, which is not the default. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0189 to this issue.

All users of the Apache HTTP Web Server are advised to upgrade to the applicable errata packages, which contain back-ported fixes for these issues, applied to Apache version 2.0.40.

After the errata packages are installed, restart the Web service by running the following command:

    /sbin/service httpd restart

Red Hat would like to thank iDefense, who initially discovered CAN-2003-0245, and John Hughes for CAN-2003-0189.