IBM Support

PQ85834; 2.0.47,2.0.42,2.0.42.1,2.0.42.2: GSKit vulnerability and cumulative fix

Download


Abstract

PQ85834 cumulative fix for IBM HTTP Server 2.0.42.2 and IBM HTTP Server 2.0.47 and fix for GSKit vulnerability.

Download Description

This contains fixes for issues encountered with IBM HTTP Server 2.0.42.2, for which no Interim Fix was previously available:

GSKit vulnerability: Certain malformed SSL records may lead to DOS.
PQ85944 glibc incompatibility.
Fix ap_custom_response() storage corruption problem.
Fix mod_dav problem with manipulating locks on some platforms.
Add ThreadStackSize to resolve stack overflow with some third-party modules.
Remove compile-time limit on LimitRequestLine config directive.
Resolve CAN-2004-0174.
Resolve CAN-2003-0542.
PQ82056 Remove FD_SETSIZE restrictions on client connections.
Make mod_status show 'L' state for hung logging processes.
Resolve apxs problems (a perl script for building 3rd party IBM HTTP Server V2 modules).
Lower severity of the "listener thread did not exit" message to debug.
Does not respect the Server header field as set by modules and CGIs.
Restart mod_cgid daemon if it crashes.

This contains fixes for additional issues encountered with IBM HTTP Server 2.0.47, for which no Interim Fix was previously available:

GSKit vulnerability: Certain malformed SSL records may lead to DOS.
PQ85944 glibc incompatibility .
Fix ap_custom_response() storage corruption problem.
Fix mod_dav problem with manipulating locks on some platforms.
Add ThreadStackSize to resolve stack overflow with some third-party modules.
Remove compile-time limit on LimitRequestLine config directive.
Resolve CAN-2004-0174.
Resolve CAN-2003-0542.
PQ82056 Remove FD_SETSIZE restrictions on client connections.
Make mod_status show 'L' state for hung logging processes.

NOTICE: IBM HTTP Server interim fixes are delivered through an export controlled Web site.

Prerequisites

NONE

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"3692","INURL":"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=httpfix"}]
Off
[{"DNLabel":"PQ85834 - Any Version/All Platforms","DNDate":"4/2/2004","DNLang":"US English","DNSize":"27699200","DNPlat":{"label":"Multi-Platform","code":""},"DNURL":"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=httpfix","DNURL_FTP":" ","DDURL":null}]

Technical Support

1-800-IBM-SERV (U.S. Only)

[{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Base Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"2.0.47","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"SSL","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Problems (APARS) fixed
PQ78320;PQ78384;PQ78925;PQ79217;PQ80104;PQ80604;PQ80619;PQ81843;PQ82441;PQ83045;PQ83048;PQ83559;PQ84017;PQ84990;PQ77489

Document Information

Modified date:
07 September 2022

UID

swg24006719

Page Feedback