The apache vulnerability issue found on 20 June 2002 (http://httpd.apache.org/info/security_bulletin_20020620.txt), has been addressed with security patches that upgrade apache to version 1.3.26.

The patches don't have the apache "include" directory, therefore be careful if you need to recompile something using apache header files; the directory is scheduled for an update in several days.

As of now, you can ask our staff to apply the patches or you can download and execute them by yourselves on each server. They are available at the following locations:

• Web server upgrade: http://www.soft.net/shiv/HS21-U/HS-apache-1_3_26
• CP web server upgrade: http://www.psoft.net/shiv/HS21-U/HS-apachecp-1_3_26
• Mail web server upgrade: http://www.psoft.net/shiv/HS21-U/HS-apachelite-1_3_26

To upgrade an apache web server:

1. Download the upgrade script.
2. Make sure that you're logged with root permissions.
3. Execute the script:
   sh SCRIPT_NAME

The script will:

• download the needed package from the psoft site;
• backup the current apache data;
• stop the apache web server;
• uninstall the old apache package/RPM if necessary;
• install the new downloaded updated apache package/RPM;
• start the new upgraded apache web server.

Warning: If you have custom packages installed to work with H-Sphere, it is strongly recommended to turn to support@psoft.net for assistance.