Apache worm released

Jeremy Fowler jfowler at westrope.com
Mon Jul 1 21:22:09 CDT 2002


>
> BTW, This is the wrong version anyway.
> You have version 1.3.22 Apache rpm.
> You need version 1.3.26 Apache rpm

Not necessarily, Redhat has a patched 1.3.22 for 7.1 and 7.2; and 7.3 has a
patched 1.3.23:

Redhat 7.1:
ftp://updates.redhat.com/7.1/en/os/i386/apache-1.3.22-5.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/apache-devel-1.3.22-5.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/apache-manual-1.3.22-5.7.1.i386.rpm

Redhat 7.2:
ftp://updates.redhat.com/7.2/en/os/i386/apache-1.3.22-6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/apache-devel-1.3.22-6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/apache-manual-1.3.22-6.i386.rpm

Redhat 7.3:
ftp://updates.redhat.com/7.3/en/os/i386/apache-1.3.23-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/apache-devel-1.3.23-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/apache-manual-1.3.23-14.i386.rpm

While you're at it, don't forget to update your SSH packages too! Another security
flaw in the challenge authentication was announced last week.
http://rhn.redhat.com/errata/rh73-errata-security.html

>
> Here is how to do it with the least headache.
> print off your httpd.conf file (hopefully you didn't destroy this).
> download apachetoolbox (http://www.apachetoolbox.com)
> run apachetoolbox and select the add-ons that are enabled in your
> current httpd.conf configuration file. There will be load statements,
> hopefully you took notes when installing it the first time that can
> help you determine other options you need. I have to do the same thing.
> Took down my server over the weekend but have been unable to find time
> to install yet. (sigh)
>
> Brian
>
> > -----Original Message-----
> > From: Jeremy Fowler [mailto:jfowler at westrope.com]
> > Sent: Monday, July 01, 2002 3:29 PM
> > To: rossiter at discoverynet.com
> > Cc: Kclug at Kclug. Org
> > Subject: RE: Apache worm released
> >
> >
> > First off, did you download the right rpm for your system?
> > What distro and
> > version are you running? If you download a binary package
> > that was compiled for
> > a different version or distro (or both) this may be why you
> > are having problems.
> > You could always rebuild using the SRPM though.
> >
> > > libdb-3.2.so   is needed by apache-1.3.22-6
> > db3-3.2
> >
> > > libexpat.so.0   is needed by apache-1.3.22-6
> > expat
> >
> > > libmm.so.11   is needed by apache-1.3.22-6
> > mm
> >
> > >
> > > Anyone know which package these are in?
> > > I've searched google trying to find out where I can get
> > libdb-3.2.so to
> > > no avail....haven't looked for the others....
> >
> > > Why don't package upgrades come complete with all the
> > dependency crap
> > > they need???  And why does a package upgrade of apache require these
> > > libs that the old one I had running didn't??
> >
> > These libraries are dynamically linked with apache to reduce
> > the size of the
> > executable and more memory efficient by only loading the
> > library into memory
> > once. Any program that then uses that code won't have to load
> > it again. Since
> > it's a separate package it makes upgrading easier if a new
> > version of the
> > library comes out. If they statically mapped the library into
> > the executable,
> > you would have to rebuild apache whenever a new version of
> > the library came out
> > that improved performance, or more importantly - fixes bugs.
> > (Think zlib)
> >
> > As for why they need these libs now? Got me, like I said. You
> > sure you grabbed
> > the right rpm?
> >
> > > This is absurd.
> >
> > Patience young grasshopper.
> >
> >
> >
> > majordomo at kclug.org
> >
>
>
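
The message above points out that Red Hat ships the fix as a patched 1.3.22 or 1.3.23 build, so the upstream version number alone does not show whether a host is fixed. The sketch below is an added example, not part of the original thread: it compares an installed `name-version-release` string against the patched builds listed in the message. `PATCHED`, `rpmvercmp` and `status` are hypothetical names, the comparison is a simplified form of RPM's ordering (no epoch handling), and the installed strings in `__main__` are constructed samples.

```python
import re

# Patched builds taken from the update URLs in the message, per Red Hat release.
PATCHED = {
    "7.1": ("1.3.22", "5.7.1"),
    "7.2": ("1.3.22", "6"),
    "7.3": ("1.3.23", "14"),
}

def rpmvercmp(a, b):
    """Simplified RPM-style segment comparison: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def status(distro, nvr):
    """Classify an installed 'apache-<version>-<release>' for one release."""
    name, version, release = nvr.rsplit("-", 2)
    if name != "apache" or distro not in PATCHED:
        return "unknown"
    fixed_version, fixed_release = PATCHED[distro]
    # Compare versions first; fall back to the release only on a tie.
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "patched" if cmp >= 0 else "needs-update"

if __name__ == "__main__":
    # Constructed inventory: (Red Hat release, installed package string).
    for distro, nvr in [
        ("7.1", "apache-1.3.22-5.7.1"),
        ("7.2", "apache-1.3.22-6"),
        ("7.2", "apache-1.3.22-2"),
        ("7.3", "apache-1.3.23-11"),
    ]:
        print(distro, nvr, status(distro, nvr))
```

The result is only meaningful when the installed package comes from Red Hat's own update stream for that release; a build from another source with the same version string carries no such guarantee.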



