SOFTPAQ NUMBER:  SP19861
PART NUMBER:  N/A
FILE NAME:  N/A
TITLE:  ProLiant Content Delivery Server Apache Security update
VERSION:  1.3.23-14
LANGUAGE:  English

CATEGORY:  ProLiant Content Delivery Servers

DIVISIONS: Server Appliances

PRODUCTS AFFECTED:  TaskSmart C-series Servers

OPERATING SYSTEM:  RedHat Linux 7.2

SYSTEM CONFIGURATION: N/A

PREREQUISITES: ProLiant Content Delivery Server Quick Restore Release 3.1

EFFECTIVE DATE:  Immediate

ELECTRONIC DISTRIBUTION ALLOWED:  Yes

SOFTPAQ UTILITY VERSION:  5.0

SUPERSEDES:  N/A

DESCRIPTION:  

The Compaq ProLiant Content Delivery Administration Utility uses the 
Apache Web Server to function.  The Apache Web server contains a security
vulnerability, which can be used to launch a denial of service attack or,
in some cases, allow remote code execution.  This security issue has minimal
impact on the ProLiant Content Delivery Server.


Enhancements/Fixes:

As described by the RedHat web site, the Apache Web server contains a
security vulnerability, which can be used to launch a denial of service
attack or, in some cases, allow remote code execution.  Apache Web Server
versions up to and including 1.3.24 contain a bug in the routines which
deal with requests using "chunked" encoding.  A carefully crafted invalid
request can cause an Apache child process to call the memcpy() function
in a way that will write past the end of its buffer, corrupting the stack.
On some platforms this can be remotely exploited - allowing arbitrary code
to be run on the server.  The security fix has been backported from the 
official Apache 1.3.26 release.


HOW TO USE:

1. Download the SoftPaq to a directory on your hard drive of a Windows client.
The file downloaded is a self-extracting executable with a filename based on
the SoftPaq Number above.

2. Execute the downloaded file and follow the on-screen instructions. 
Use the spacebar to confirm the unpacking of files into the download directory. 
Files extracted from this SoftPaq are UpdateApache-1.3.23-14.tar.gz and sp19861.cva.

3. After the files have been unpacked, you may delete the self-extracting file 
downloaded in step 1.

4. Transfer the UpdateApache-1.3.23-14.tar.gz to your TaskSmart C-series Server by
connecting to the console using supplied methods, for example, the Remote Insight
Lights-Out Edition user interface or a secure shell connection.

5. From your TaskSmart C-series Server, extract the Apache upgrade files using
the following command:  tar -xzvf UpdateApache-1.3.23-14.tar.gz
To continue the upgrade, refer to the readme.txt file.

Copyright 2002, Compaq Computer Corporation.  All rights reserved.

Product names mentioned herein may be trademarks and/or registered
trademarks of their respective companies