| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Aug 2010 18:04:00 +0200 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2010:153 ] apache -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:153 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : August 16, 2010 Affected: 2009.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in apache: The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions (CVE-2010-2791). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791 http://httpd.apache.org/security/vulnerabilities_22.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 238de136ebd4ef12d69c2bc8a3e3d3be 2009.0/i586/apache-base-2.2.9-12.10mdv2009.0.i586.rpm 141124279c0755c0299d59587f0eafeb 2009.0/i586/apache-devel-2.2.9-12.10mdv2009.0.i586.rpm 05cf83c379680e3ed51340b42d084b54 2009.0/i586/apache-htcacheclean-2.2.9-12.10mdv2009.0.i586.rpm 9e1f554bb3705dedaddba825f1b56403 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.10mdv2009.0.i586.rpm 9a3655c03604fcd04b4d1e0e34dedffc 2009.0/i586/apache-mod_cache-2.2.9-12.10mdv2009.0.i586.rpm 0a92ae5396ef3bc58481964474fbbb19 2009.0/i586/apache-mod_dav-2.2.9-12.10mdv2009.0.i586.rpm 63df221d5cf990cd347466419a8b0377 2009.0/i586/apache-mod_dbd-2.2.9-12.10mdv2009.0.i586.rpm 1b2dbf225749350a9bb7dcdf20b92227 2009.0/i586/apache-mod_deflate-2.2.9-12.10mdv2009.0.i586.rpm 5ecc8f17635dd7e7428292628daeda79 2009.0/i586/apache-mod_disk_cache-2.2.9-12.10mdv2009.0.i586.rpm 8fab3607fe02e1564939f8c20f0d207b 2009.0/i586/apache-mod_file_cache-2.2.9-12.10mdv2009.0.i586.rpm 88cd61a082b42899bda94777ab7e62aa 2009.0/i586/apache-mod_ldap-2.2.9-12.10mdv2009.0.i586.rpm 1ff181c8481cda668fcb129052ab094c 2009.0/i586/apache-mod_mem_cache-2.2.9-12.10mdv2009.0.i586.rpm 6eedc6c5d7727f408882a07d0408bbdd 2009.0/i586/apache-mod_proxy-2.2.9-12.10mdv2009.0.i586.rpm ba21753018cb8fb4aa4750e8fe77e022 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.10mdv2009.0.i586.rpm 2a90910cff8efc4dd4c61db469548bf5 2009.0/i586/apache-mod_ssl-2.2.9-12.10mdv2009.0.i586.rpm 35e3bca53a5880a07b24ad72f6dd6d07 2009.0/i586/apache-modules-2.2.9-12.10mdv2009.0.i586.rpm 62e5846e1811ba312d6bb8f049493788 2009.0/i586/apache-mod_userdir-2.2.9-12.10mdv2009.0.i586.rpm 0f15da6722a641d7d5e5b911e8c0cece 2009.0/i586/apache-mpm-event-2.2.9-12.10mdv2009.0.i586.rpm 9b9f2d505afcc686c7d7fd1fb80615f7 2009.0/i586/apache-mpm-itk-2.2.9-12.10mdv2009.0.i586.rpm d839ec4ccd71e89115f9f62cd6ceee36 2009.0/i586/apache-mpm-peruser-2.2.9-12.10mdv2009.0.i586.rpm e4ae2a88b622053fe3b319343fadaf1e 2009.0/i586/apache-mpm-prefork-2.2.9-12.10mdv2009.0.i586.rpm 797172063095f4f48199e0f5c6df34df 2009.0/i586/apache-mpm-worker-2.2.9-12.10mdv2009.0.i586.rpm 56a686181dec3713a922e2beb1b74515 2009.0/i586/apache-source-2.2.9-12.10mdv2009.0.i586.rpm ffc80b53691b9200454d986e66728aa2 2009.0/SRPMS/apache-2.2.9-12.10mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: c578a6e9a29e81df145a388e8696e8f0 2009.0/x86_64/apache-base-2.2.9-12.10mdv2009.0.x86_64.rpm 168df22318ae9ea5be0f265b9aaa486a 2009.0/x86_64/apache-devel-2.2.9-12.10mdv2009.0.x86_64.rpm 3fd73c32becdc0c7ea67283c3a056e52 2009.0/x86_64/apache-htcacheclean-2.2.9-12.10mdv2009.0.x86_64.rpm 875d0e01dd140f65da24a14eb57ae484 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.10mdv2009.0.x86_64.rpm 3247dcd354558d0fe035feda4416c8a0 2009.0/x86_64/apache-mod_cache-2.2.9-12.10mdv2009.0.x86_64.rpm 101c210907cd0e5d289081d80f83892e 2009.0/x86_64/apache-mod_dav-2.2.9-12.10mdv2009.0.x86_64.rpm 10b7a5d979b99bcbf38fdbe0e036a1cf 2009.0/x86_64/apache-mod_dbd-2.2.9-12.10mdv2009.0.x86_64.rpm 82c0a9a58e60d6018447052ad22b4507 2009.0/x86_64/apache-mod_deflate-2.2.9-12.10mdv2009.0.x86_64.rpm fae88ae076de0bc2528f6b01f96c0608 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.10mdv2009.0.x86_64.rpm a506f22a169f2de5a2705eeb6742fc69 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.10mdv2009.0.x86_64.rpm 069155f234c22f55c30d20bda33dd40a 2009.0/x86_64/apache-mod_ldap-2.2.9-12.10mdv2009.0.x86_64.rpm c4a56e07aabaac67a5fb491b72cbdd5e 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.10mdv2009.0.x86_64.rpm 842ce796a5ce358267588e62dc6c1d84 2009.0/x86_64/apache-mod_proxy-2.2.9-12.10mdv2009.0.x86_64.rpm de2dfcf5017e07456237ebaebb94b63a 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.10mdv2009.0.x86_64.rpm e7424124fd455d338fe7807085a465f8 2009.0/x86_64/apache-mod_ssl-2.2.9-12.10mdv2009.0.x86_64.rpm cc51ff1bc2bb86fa375c64a83cbe5669 2009.0/x86_64/apache-modules-2.2.9-12.10mdv2009.0.x86_64.rpm bd9169da6ee818841c99f893d97758ab 2009.0/x86_64/apache-mod_userdir-2.2.9-12.10mdv2009.0.x86_64.rpm d786b5b3e993f6b762984939a59188ac 2009.0/x86_64/apache-mpm-event-2.2.9-12.10mdv2009.0.x86_64.rpm 3663a04f5b3bece171140300beca60a6 2009.0/x86_64/apache-mpm-itk-2.2.9-12.10mdv2009.0.x86_64.rpm 1893fd3799e3914f79b4e99435f7f28d 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.10mdv2009.0.x86_64.rpm 08cf47881f23b2f6423c7c0243369468 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.10mdv2009.0.x86_64.rpm b79fc5815401552c1ee4dd411ea60e9e 2009.0/x86_64/apache-mpm-worker-2.2.9-12.10mdv2009.0.x86_64.rpm d03ac2690298a61b630ec151fef1110b 2009.0/x86_64/apache-source-2.2.9-12.10mdv2009.0.x86_64.rpm ffc80b53691b9200454d986e66728aa2 2009.0/SRPMS/apache-2.2.9-12.10mdv2009.0.src.rpm Mandriva Enterprise Server 5: cae43472379d49f78134e2058709677a mes5/i586/apache-base-2.2.9-12.10mdvmes5.1.i586.rpm a71d55063dc1c638e2dfeed6379405e7 mes5/i586/apache-devel-2.2.9-12.10mdvmes5.1.i586.rpm 96c5a3f3408f16608e4aa0eae921eadc mes5/i586/apache-htcacheclean-2.2.9-12.10mdvmes5.1.i586.rpm d91c5806b0647c7de4a7ae5a7acb5901 mes5/i586/apache-mod_authn_dbd-2.2.9-12.10mdvmes5.1.i586.rpm 51709df2ae1d1bbbb80161d17823ed54 mes5/i586/apache-mod_cache-2.2.9-12.10mdvmes5.1.i586.rpm 76d66f1632147a1db2a66ec8449676a7 mes5/i586/apache-mod_dav-2.2.9-12.10mdvmes5.1.i586.rpm c8fc9d26366cf23cb4e02e0ba7c40ab1 mes5/i586/apache-mod_dbd-2.2.9-12.10mdvmes5.1.i586.rpm f407cb9d289d4df8f395b7469221af83 mes5/i586/apache-mod_deflate-2.2.9-12.10mdvmes5.1.i586.rpm 870246ffc86e5453bebc0adeff740f23 mes5/i586/apache-mod_disk_cache-2.2.9-12.10mdvmes5.1.i586.rpm c373b7252a58575f8b100cc9a77897d6 mes5/i586/apache-mod_file_cache-2.2.9-12.10mdvmes5.1.i586.rpm 72b7c2d21a4aa038d384bb15f1171acd mes5/i586/apache-mod_ldap-2.2.9-12.10mdvmes5.1.i586.rpm 7c4d510bdaa58bb13b4281283462d4e8 mes5/i586/apache-mod_mem_cache-2.2.9-12.10mdvmes5.1.i586.rpm e88f86183f1edab93caf98a98496237d mes5/i586/apache-mod_proxy-2.2.9-12.10mdvmes5.1.i586.rpm 5c6f9547a6ff4faad90cf8f4fa6ad841 mes5/i586/apache-mod_proxy_ajp-2.2.9-12.10mdvmes5.1.i586.rpm ebb11a941f84db7fbc28ce274f9e8ba6 mes5/i586/apache-mod_ssl-2.2.9-12.10mdvmes5.1.i586.rpm 9854699e46d9dfdfcabc5cd034c00b96 mes5/i586/apache-modules-2.2.9-12.10mdvmes5.1.i586.rpm 51323be198089431321036224db67d03 mes5/i586/apache-mod_userdir-2.2.9-12.10mdvmes5.1.i586.rpm c046c955c1c506c03197d392df79c748 mes5/i586/apache-mpm-event-2.2.9-12.10mdvmes5.1.i586.rpm 704649a20a5017f880eb36f2759fa835 mes5/i586/apache-mpm-itk-2.2.9-12.10mdvmes5.1.i586.rpm 91003a47a1b7a5be432db522d40c00f8 mes5/i586/apache-mpm-peruser-2.2.9-12.10mdvmes5.1.i586.rpm adb996091556269761169421570ca809 mes5/i586/apache-mpm-prefork-2.2.9-12.10mdvmes5.1.i586.rpm 28d84353ee16bb7945fcfcf8cafd8c66 mes5/i586/apache-mpm-worker-2.2.9-12.10mdvmes5.1.i586.rpm f4ebb8202d84b91e93c79f65188ca23e mes5/i586/apache-source-2.2.9-12.10mdvmes5.1.i586.rpm da98e1bb9ad5504b54849dc44dd0c405 mes5/SRPMS/apache-2.2.9-12.10mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 94082a462cbbedc8c26aab5b6573bf82 mes5/x86_64/apache-base-2.2.9-12.10mdvmes5.1.x86_64.rpm 315b539457792bc6e30b59564d6c1aa5 mes5/x86_64/apache-devel-2.2.9-12.10mdvmes5.1.x86_64.rpm defdf4efb19dfbd2efe8f799957dba00 mes5/x86_64/apache-htcacheclean-2.2.9-12.10mdvmes5.1.x86_64.rpm 46b8507c6df22032fb25df9f1057d473 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.10mdvmes5.1.x86_64.rpm 08732297da7d96414a6e66d0b5fe4f72 mes5/x86_64/apache-mod_cache-2.2.9-12.10mdvmes5.1.x86_64.rpm 6d059d9fc62ec59c93afb20fe2b1e134 mes5/x86_64/apache-mod_dav-2.2.9-12.10mdvmes5.1.x86_64.rpm 7a6a0e7b8086db5bfde394f0bbff7299 mes5/x86_64/apache-mod_dbd-2.2.9-12.10mdvmes5.1.x86_64.rpm 8977f6e2b5b6bb21f456752a215019b0 mes5/x86_64/apache-mod_deflate-2.2.9-12.10mdvmes5.1.x86_64.rpm a642f9d74eed23992905d4ca26570b1a mes5/x86_64/apache-mod_disk_cache-2.2.9-12.10mdvmes5.1.x86_64.rpm 6c583416f58264f0e6be8a8dfd426715 mes5/x86_64/apache-mod_file_cache-2.2.9-12.10mdvmes5.1.x86_64.rpm 40092f4dd75fdb25506c136c6ae1cd87 mes5/x86_64/apache-mod_ldap-2.2.9-12.10mdvmes5.1.x86_64.rpm c4323601dc144cb51e024cf178dfe414 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.10mdvmes5.1.x86_64.rpm 584fff4d5eb4b4c55da1d298468fab68 mes5/x86_64/apache-mod_proxy-2.2.9-12.10mdvmes5.1.x86_64.rpm cd69b1c53233a546f26ac1a06a56b76f mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.10mdvmes5.1.x86_64.rpm 68d9fcdd47f4767dfb4e58f210c31d97 mes5/x86_64/apache-mod_ssl-2.2.9-12.10mdvmes5.1.x86_64.rpm 86c8a0a66627ad73123a7a8f19442c08 mes5/x86_64/apache-modules-2.2.9-12.10mdvmes5.1.x86_64.rpm de0d632919fc6edfd091f3b1871c0ca9 mes5/x86_64/apache-mod_userdir-2.2.9-12.10mdvmes5.1.x86_64.rpm 0e4d84870327be57163579b66c3ac104 mes5/x86_64/apache-mpm-event-2.2.9-12.10mdvmes5.1.x86_64.rpm 0959bfed96992d16c58f9ee22c04af07 mes5/x86_64/apache-mpm-itk-2.2.9-12.10mdvmes5.1.x86_64.rpm 43eb9f6c352bbbe049628bbd41756b9b mes5/x86_64/apache-mpm-peruser-2.2.9-12.10mdvmes5.1.x86_64.rpm 919a363ca56831f04f2e622cc1a192f3 mes5/x86_64/apache-mpm-prefork-2.2.9-12.10mdvmes5.1.x86_64.rpm ec1d3e1ae8c2bc3e547fd8f095fcfe23 mes5/x86_64/apache-mpm-worker-2.2.9-12.10mdvmes5.1.x86_64.rpm 7637fb712b7b08cffda967a66c3c47aa mes5/x86_64/apache-source-2.2.9-12.10mdvmes5.1.x86_64.rpm da98e1bb9ad5504b54849dc44dd0c405 mes5/SRPMS/apache-2.2.9-12.10mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMaTSHmqjQ0CJFipgRAtoCAJ9BGN6CAncvlMzNDaRADUpkjPp7uACg7Mpx rElFxWU84znmOrOERj6iHh8= =oTXe -----END PGP SIGNATURE-----
Powered by blists - more mailing lists