Gentoo Security Advisory GLSA 200403-04 (Apache)

Summary
The remote host is missing updates announced in advisory GLSA 200403-04.
Solution
Users are urged to upgrade to Apache 2.0.49: # emerge sync # emerge -pv '>=net-www/apache-2.0.49' # emerge '>=net-www/apache-2.0.49' # ** IMPORTANT ** # If you are migrating from Apache 2.0.48-r1 or earlier versions, # it is important that the following directories are removed. # The following commands should cause no data loss since these # are symbolic links. # rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules # rm /etc/apache2/extramodules # ** ** ** ** ** # ** ALSO NOTE ** # Users who use mod_disk_cache should edit their Apache # configuration and disable mod_disk_cache. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200403-04 http://bugs.gentoo.org/show_bug.cgi?id=45206 http://www.securityfocus.com/bid/9933/info/ http://www.apache.org/dist/httpd/Announcement2.html
Insight
A memory leak in mod_ssl allows a remote denial of service attack against an SSL-enabled server via plain HTTP requests. Another flaw was found when arbitrary client-supplied strings can be written to the error log, allowing the exploit of certain terminal emulators. A third flaw exists with the mod_disk_cache module.