Gentoo Security Advisory GLSA 200411-03 (apache) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200411-03.

Solution

All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-www/apache-1.3.32-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200411-03 http://bugs.gentoo.org/show_bug.cgi?id=68564 http://www.apacheweek.com/features/security-13

Insight

A buffer overflow vulnerability exists in mod_include which could possibly allow a local attacker to gain escalated privileges.

Severity

Classification

CVE CVE-2004-0940

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200501-16 (Konqueror, kde, kdelibs)
Gentoo Security Advisory GLSA 200401-01 (Kernel)
Gentoo Security Advisory GLSA 200408-06 (SpamAssassin)
Gentoo Security Advisory GLSA 200408-18 (xine-lib)
Gentoo Security Advisory GLSA 200411-18 (apache)

Take action and discover your vulnerabilities