Updated apache2 packages for SUSE

I’ve just added new apache2 builds for both SUSE 9.3 and 10.0. These packages address a couple of low-grade security issues (details below). As with any security update, it is recommended for all users.

The following updated packages are available for SUSE 10.0:

apache2-2.0.54-11.3.vm.i586.rpm
apache2-example-pages-2.0.54-11.3.vm.i586.rpm
apache2-debuginfo-2.0.54-11.3.vm.i586.rpm
apache2-prefork-2.0.54-11.3.vm.i586.rpm
apache2-devel-2.0.54-11.3.vm.i586.rpm
apache2-worker-2.0.54-11.3.vm.i586.rpm
apache2-doc-2.0.54-11.3.vm.i586.rpm
libapr0-2.0.54-11.3.vm.i586.rpm

The following updated packages are available for SUSE 9.3:

apache2-2.0.53-9.10.vm.i586.rpm
apache2-example-pages-2.0.53-9.10.vm.i586.rpm
apache2-debuginfo-2.0.53-9.10.vm.i586.rpm
apache2-prefork-2.0.53-9.10.vm.i586.rpm
apache2-devel-2.0.53-9.10.vm.i586.rpm
apache2-worker-2.0.53-9.10.vm.i586.rpm
apache2-doc-2.0.53-9.10.vm.i586.rpm
libapr0-2.0.53-9.10.vm.i586.rpm

From the SUSE security report, this update fixes:

  • a cross-site-scripting bug in the imagemap module mod_imap
    (CVE-2005-3352)

  • a bug in mod_ssl that allowed attackers to crash apache
    (CVE-2005-3357)

Joe,

Tried to update the apache2 packages using yum on SuSE 10.0 failed with the following error.

Dep Number: 1/1
apache2 requires: /usr/local/bin/perl
–> Processing Dependency: /usr/local/bin/perl for package: apache2
Requiring package is from transaction set
Resolving for requiring package: apache2-2.0.54-11.3.vm in state u
Resolving for requirement: /usr/local/bin/perl
Searching pkgSack for dep: /usr/local/bin/perl
miss = 1
conf = 0
CheckDeps = 0
–> Finished Dependency Resolution
Dependency Process ending
Error: Missing Dependency: /usr/local/bin/perl is needed by package apache2

On SuSE 10.0 perl is in the /usr/bin/ not the /usr/local/bin/.

Hey Kevin,

Thanks for the heads up. I have no clue how that could possibly have come to be (or how the SUSE packages actually work and mine don’t–I rebuilt from their SRPM).

I’m looking into it. Will have an updated package in the repo ASAP.