Red Hat has released several security updates for Apache and Kerberos as well as a kernel update for RHEL 4. The Apache update addresses issues with the mod_status and mod_cache modules.
Apache
Apache updates are available for RHEL 4 and RHEL 5. This update repairs flaws that give remote attackers openings if the server-status page is publicly accessible or if sites have caching enabled. By default, your server should not have mod_status or mod_cache running. You can check for mod_status by running:
http://www.example.com/server-status
If you get results back, then server-status is enabled and accessible. You should probably either update apache or disable mod_status.
You would need to check your apache configuration directly to see if mod_cache is enabled.
Kerberos
An update for the Kerberos network authentication system has been released for RHEL 3, 4 and 5. A flaw was detected that could allow remote attackers to execute arbitrary code on the Kerberos server. Note, Red Hat considers the Kerberos update critical on RHEL 3 systems. Updated kernel packages have also been released for RHEL 4 but they have a important rating.
Kerberos hooks into may systems and just to be safe, we always recommend updating these packages as soon as possible.
Clients using our monthly management service should have patches applied within the next 24 hours.
Check over at Red Hat for more details on severity levels and recent security updates.
