Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa/glsa-200401-03.xml
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa/glsa-200401-03.xml')
-rw-r--r--metadata/glsa/glsa-200401-03.xml66
1 files changed, 66 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200401-03.xml b/metadata/glsa/glsa-200401-03.xml
new file mode 100644
index 000000000000..05ec55fce802
--- /dev/null
+++ b/metadata/glsa/glsa-200401-03.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200401-03">
+ <title>Apache mod_python Denial of Service vulnerability</title>
+ <synopsis>
+ Apache's mod_python module could crash the httpd process if a specific,
+ malformed query string was sent.
+ </synopsis>
+ <product type="ebuild">mod_python</product>
+ <announced>2004-01-27</announced>
+ <revised count="02">2007-12-30</revised>
+ <bug>39154</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apache/mod_python" auto="yes" arch="*">
+ <unaffected range="ge">2.7.10</unaffected>
+ <vulnerable range="lt">2.7.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Mod_python is an Apache module that embeds the Python interpreter
+ within the server allowing Python-based web-applications to be
+ created.
+ </p>
+ </background>
+ <description>
+ <p>
+ The Apache Foundation has reported that mod_python may be prone to
+ Denial of Service attacks when handling a malformed
+ query. Mod_python 2.7.9 was released to fix the vulnerability,
+ however, because the vulnerability has not been fully fixed,
+ version 2.7.10 has been released.
+ </p>
+ <p>
+ Users of mod_python 3.0.4 are not affected by this vulnerability.
+ </p>
+ </description>
+ <impact type="low">
+ <p>
+ Although there are no known public exploits known for this
+ exploit, users are recommended to upgrade mod_python to ensure the
+ security of their infrastructure.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ Mod_python 2.7.10 has been released to solve this issue; there is
+ no immediate workaround.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users using mod_python 2.7.9 or below are recommended to
+ update their mod_python installation:
+ </p>
+ <code>
+ $&gt; emerge sync
+ $&gt; emerge -pv "&gt;=www-apache/mod_python-2.7.10"
+ $&gt; emerge "&gt;=www-apache/mod_python-2.7.10"
+ $&gt; /etc/init.d/apache restart</code>
+ </resolution>
+ <references>
+ <uri link="https://www.modpython.org/pipermail/mod_python/2004-January/014879.html">Mod_python 2.7.10 release announcement</uri>
+ </references>
+</glsa>