lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1Ev3oG-0000qT-N1@mercury.mandriva.com>
Date: Fri, 06 Jan 2006 19:28:00 -0700
From: Mandriva Security Team <xsecurity@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:009
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : apache2-mod_auth_pgsql
 Date    : January 6, 2006
 Affected: 10.1, 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 iDefense discovered several format string vulnerabilities in the way
 that mod_auth_pgsql logs information which could potentially be used
 by a remote attacker to execute arbitrary code as the apache user if
 mod_auth_pgsql is used for user authentication.
 
 The provided packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3656
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 5fd1e2329146f2c03845fe516acaa123  10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.i586.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 631ed3b26fddd6f5198d4a33aa31326c  x86_64/10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.x86_64.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  x86_64/10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

 Mandriva Linux 10.2:
 477fd516e48926f13a66cc0a92366598  10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.i586.rpm
 12baf2fcd6739141f29c4f6000f83e28  10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 7d5ba837da8f1681587c431fe219f9fa  x86_64/10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.x86_64.rpm
 12baf2fcd6739141f29c4f6000f83e28  x86_64/10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 abe116d3afce2e1dd6c29a4a922ecf0a  2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.i586.rpm
 c6755d865f6de4cf51a9f6918798aafc  2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a8e95a35a1eda50cc392193496c15721  x86_64/2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.x86_64.rpm
 c6755d865f6de4cf51a9f6918798aafc  x86_64/2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDvvqymqjQ0CJFipgRAl5jAJwInb6yP+dO/9iXRdSeJxETV3Li+wCg7glF
tYByE5LQ2FHucxwe8fXvt2A=
=DB3Z
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ