TITLE
apache multiple vulnerabilities, upgraded to apache-1.3.29
/TITLE

SYNOPSIS

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to these issues.  

CAN-2003-0192: Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory re-negotiations and the SSLCipherSuite directive being used to upgrade from a weak cipher suite to a strong one," which could cause Apache to use the weak cipher suite.

CAN-2003-0542: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

/SYNOPSIS

INCIDENTS
sr886044 fz528423 erg712465 sr886995 fz528485 erg712487
/INCIDENTS

ACKNOWLEDGMENTS
SCO would like to thank 
/ACKNOWLEDGMENTS

REFERENCES
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
/REFERENCES


#
# The next three items can be thought of as an array of structures.
# The first element in each is the first structure, and so on.
#
PRODUCTS
unixware713
openunix800
unixware711
/PRODUCTS

PACKAGES
apache713.pkg
apache800.pkg
apache711.pkg
/PACKAGES

URL
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.5
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.5
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.5
/URL