Bug 41150 - (CVE-2003-0132) VUL-0: CVE-2003-0132: Security update of apache2?
Status: RESOLVED FIXED
Duplicates: 41939
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium, Severity: Major
Assigned To: Peter Poeml
QA Contact: Security Team bot
Reported: 2003-04-08 05:00 UTC by Robert Schiele
Modified: 2021-09-27 09:50 UTC (History)
Found By: Other
Description Robert Schiele 2003-04-08 05:00:10 UTC
Although this security problem has been known for some time now, apache2 is not listed in the
pending vulnerabilities list in the security announcements.

Are you aware of the problem?

Is it planned to release an update?

Note that details of the problem are announced to be disclosed TODAY.
Comment 1 Robert Schiele 2003-04-08 05:00:10 UTC
Nothing to reproduce here.
Comment 2 Roman Drahtmueller 2003-04-08 09:56:16 UTC
We are.
Olaf, looks like we don't have to make bugs; they show up automatically.
:-)
Reassigning.
Comment 3 Peter Poeml 2003-04-14 21:42:53 UTC
Since Friday there is a patch for 2.0.44, which fixes
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132

http://www.apache.org/dist/httpd/patches/apply_to_2.0.44/denial_of_service_fix.patch

The issue about file descriptor leak to child processes (such as cgi
scripts) remains. I don't know how to dissect the fairly widespread
changes in apr and apache from the other changes, and I am seriously
considering a version update... 

apache-2.0.45 runs fine, and the apr 0.9.2 prerelease that ships with it
is stable and known to work with subversion.
Comment 4 Olaf Kirch 2003-05-26 21:37:51 UTC
Dist meeting decision is to do a version upgrade. Please proceed.
Comment 5 Peter Poeml 2003-05-30 20:40:42 UTC
The update will be 2.0.46, which has three more fixes:

  Security [CAN-2003-0245]: Fixed a bug that could be triggered
    remotely through mod_dav
  Security [CAN-2003-0189]: Fixed a denial-of-service
    vulnerability affecting basic authentication
  Security: forward port of buffer overflow fixes for htdigest.

Comment 6 Robert Schiele 2003-06-01 02:49:21 UTC
*** Bug 41939 has been marked as a duplicate of this bug. ***
Comment 7 Peter Poeml 2003-06-10 19:33:11 UTC
Updates are submitted (2.0.46), and are currently under control of
patch-management.
Comment 8 Robert Schiele 2003-06-18 04:17:19 UTC
They are out now. 
Comment 9 Thomas Biege 2009-10-13 19:44:58 UTC
CVE-2003-0245: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)