lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WQbnM-0001T9-Ps@titan.mandriva.com>
Date: Thu, 20 Mar 2014 13:10:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:065 ] apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:065
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : apache
 Date    : March 20, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in apache
 (ASF HTTPD):
 
 XML parsing code in mod_dav incorrectly calculates the end of the
 string when removing leading spaces and places a NUL character outside
 the buffer, causing random crashes. This XML parsing code is only
 used with DAV provider modules that support DeltaV, of which the only
 publicly released provider is mod_dav_svn (CVE-2013-6438).
 
 A flaw was found in mod_log_config. A remote attacker could send a
 specific truncated cookie causing a crash. This crash would only be
 a denial of service if using a threaded MPM (CVE-2014-0098).
 
 The updated packages have been upgraded to the latest 2.2.27 version
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
 https://httpd.apache.org/security/vulnerabilities_24.html
 http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
 http://svn.apache.org/viewvc?view=revision&revision=1576716
 http://svn.apache.org/viewvc?view=revision&revision=1576706
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 b5e67e1ec8eecc90ed3c776be71884b5  mes5/i586/apache-base-2.2.27-0.1mdvmes5.2.i586.rpm
 e16c269288c33326c63dad69fbd5d742  mes5/i586/apache-conf-2.2.27-0.1mdvmes5.2.i586.rpm
 11490118b15176832c62e64b72873609  mes5/i586/apache-devel-2.2.27-0.1mdvmes5.2.i586.rpm
 8a34bbef25421b5e2383ac562078aed5  mes5/i586/apache-doc-2.2.27-0.1mdvmes5.2.i586.rpm
 3891966385c973595a02762c7a7feaaf  mes5/i586/apache-htcacheclean-2.2.27-0.1mdvmes5.2.i586.rpm
 fc0a5bf2b0f1a76e872ea576f58d109c  mes5/i586/apache-mod_authn_dbd-2.2.27-0.1mdvmes5.2.i586.rpm
 45637e33dbf459ad74b73bb8e499cb76  mes5/i586/apache-mod_cache-2.2.27-0.1mdvmes5.2.i586.rpm
 bdc00a86280c77f0e304daf07a36012b  mes5/i586/apache-mod_dav-2.2.27-0.1mdvmes5.2.i586.rpm
 2f0dd4c1914cb339975e2452a8431db5  mes5/i586/apache-mod_dbd-2.2.27-0.1mdvmes5.2.i586.rpm
 993a009191f7c94ef0571308de37659d  mes5/i586/apache-mod_deflate-2.2.27-0.1mdvmes5.2.i586.rpm
 791d43838768761473fe188ff9da7f05  mes5/i586/apache-mod_disk_cache-2.2.27-0.1mdvmes5.2.i586.rpm
 a236df927b98accfed0ac37630e887fd  mes5/i586/apache-mod_file_cache-2.2.27-0.1mdvmes5.2.i586.rpm
 6c1f38d784ed01fdf773d600f25bc822  mes5/i586/apache-mod_ldap-2.2.27-0.1mdvmes5.2.i586.rpm
 db6236186f3ed655ff14f8190a6b9b11  mes5/i586/apache-mod_mem_cache-2.2.27-0.1mdvmes5.2.i586.rpm
 f3c6a2e67c302d940ed7789e14730adb  mes5/i586/apache-mod_proxy-2.2.27-0.1mdvmes5.2.i586.rpm
 2ff0faab5b2e6bf9032ab602cc721f87  mes5/i586/apache-mod_proxy_ajp-2.2.27-0.1mdvmes5.2.i586.rpm
 570084346136e6ca0a2eb71a37523996  mes5/i586/apache-mod_proxy_scgi-2.2.27-0.1mdvmes5.2.i586.rpm
 04c90937763864425f46e4447280cf4a  mes5/i586/apache-mod_reqtimeout-2.2.27-0.1mdvmes5.2.i586.rpm
 01baf75de1196eed684d3dd296607322  mes5/i586/apache-mod_ssl-2.2.27-0.1mdvmes5.2.i586.rpm
 d8df1a10ffbad3c3700f3e9028882dbb  mes5/i586/apache-mod_suexec-2.2.27-0.1mdvmes5.2.i586.rpm
 60478eb5d2d1fc7a53c42e2ad3536dee  mes5/i586/apache-modules-2.2.27-0.1mdvmes5.2.i586.rpm
 0985355dcf2786d5df081584a5365075  mes5/i586/apache-mod_userdir-2.2.27-0.1mdvmes5.2.i586.rpm
 589ff991bbc2418a558952aab141802e  mes5/i586/apache-mpm-event-2.2.27-0.1mdvmes5.2.i586.rpm
 e7f2e1496d22505ae65e62284b2b970c  mes5/i586/apache-mpm-itk-2.2.27-0.1mdvmes5.2.i586.rpm
 620f4244f503eab2b96a6be9e8ab1666  mes5/i586/apache-mpm-peruser-2.2.27-0.1mdvmes5.2.i586.rpm
 e114434dafc66f47f8e52ab75aa7143e  mes5/i586/apache-mpm-prefork-2.2.27-0.1mdvmes5.2.i586.rpm
 962a5a9c092f23eb11c16167a836cc3f  mes5/i586/apache-mpm-worker-2.2.27-0.1mdvmes5.2.i586.rpm
 9a5b83b069447c37e3a0a3120f6f1048  mes5/i586/apache-source-2.2.27-0.1mdvmes5.2.i586.rpm 
 2507314b81d2c933cf4879c6d0f19c18  mes5/SRPMS/apache-2.2.27-0.1mdvmes5.2.src.rpm
 d5e8602ed0ea75413c7ad540c1bd4cb3  mes5/SRPMS/apache-conf-2.2.27-0.1mdvmes5.2.src.rpm
 c8f195227825c721a4c618cf31cf5fcb  mes5/SRPMS/apache-mod_suexec-2.2.27-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 d943ec6695e181bb18f2d8c4e3222ffd  mes5/x86_64/apache-base-2.2.27-0.1mdvmes5.2.x86_64.rpm
 b49b023b202a2bad32ecf8d48711f7bf  mes5/x86_64/apache-conf-2.2.27-0.1mdvmes5.2.x86_64.rpm
 feb28ca173194c44d0973c0c470f2193  mes5/x86_64/apache-devel-2.2.27-0.1mdvmes5.2.x86_64.rpm
 391d8d6b95d2b4689bb4e426df332ce6  mes5/x86_64/apache-doc-2.2.27-0.1mdvmes5.2.x86_64.rpm
 173911d5948fefa17765495b8092e76d  mes5/x86_64/apache-htcacheclean-2.2.27-0.1mdvmes5.2.x86_64.rpm
 1759fe1247cad34ea0e47d8ab2a0f16e  mes5/x86_64/apache-mod_authn_dbd-2.2.27-0.1mdvmes5.2.x86_64.rpm
 624d53cfd9eba36e27538170fad22448  mes5/x86_64/apache-mod_cache-2.2.27-0.1mdvmes5.2.x86_64.rpm
 207b1e9c9ae0209dd474f476dd8058af  mes5/x86_64/apache-mod_dav-2.2.27-0.1mdvmes5.2.x86_64.rpm
 f64626bd170b85077cb155199a0a7b7d  mes5/x86_64/apache-mod_dbd-2.2.27-0.1mdvmes5.2.x86_64.rpm
 b03d31b694c3547afd34d770809a228d  mes5/x86_64/apache-mod_deflate-2.2.27-0.1mdvmes5.2.x86_64.rpm
 29d10687579ab5063b9b13c1ec9413f4  mes5/x86_64/apache-mod_disk_cache-2.2.27-0.1mdvmes5.2.x86_64.rpm
 14b29246f53953558ea1cb0378c015e1  mes5/x86_64/apache-mod_file_cache-2.2.27-0.1mdvmes5.2.x86_64.rpm
 41130c165e310f3b811d1a37e251b064  mes5/x86_64/apache-mod_ldap-2.2.27-0.1mdvmes5.2.x86_64.rpm
 5599f490c632ba8b8bc3572d00cadf28  mes5/x86_64/apache-mod_mem_cache-2.2.27-0.1mdvmes5.2.x86_64.rpm
 c30200d51d074f274dacbbf9b6a0e509  mes5/x86_64/apache-mod_proxy-2.2.27-0.1mdvmes5.2.x86_64.rpm
 e8bd582626b42bf5f953ae8f574ecc05  mes5/x86_64/apache-mod_proxy_ajp-2.2.27-0.1mdvmes5.2.x86_64.rpm
 15b83bafb6460e87cb2e2225c1f36f8e  mes5/x86_64/apache-mod_proxy_scgi-2.2.27-0.1mdvmes5.2.x86_64.rpm
 9882e8d318d67f0545289707945d5d5d  mes5/x86_64/apache-mod_reqtimeout-2.2.27-0.1mdvmes5.2.x86_64.rpm
 78da0fd6eb45543c7b6445504055e65b  mes5/x86_64/apache-mod_ssl-2.2.27-0.1mdvmes5.2.x86_64.rpm
 3b5cced3102d837ad69ea89776041aa0  mes5/x86_64/apache-mod_suexec-2.2.27-0.1mdvmes5.2.x86_64.rpm
 562020cac2840f941538410e1b2e2d30  mes5/x86_64/apache-modules-2.2.27-0.1mdvmes5.2.x86_64.rpm
 08261dd04dcc1b36ba6a5790e71ea9df  mes5/x86_64/apache-mod_userdir-2.2.27-0.1mdvmes5.2.x86_64.rpm
 e9a3b15af20da1f18bb33664595eeae2  mes5/x86_64/apache-mpm-event-2.2.27-0.1mdvmes5.2.x86_64.rpm
 4126660d6e4bbf93ccae6d825c71d402  mes5/x86_64/apache-mpm-itk-2.2.27-0.1mdvmes5.2.x86_64.rpm
 89a50add3e4ef8a0e8d618225dad48bf  mes5/x86_64/apache-mpm-peruser-2.2.27-0.1mdvmes5.2.x86_64.rpm
 3139a9eaf050b5d36904e8d9594037fe  mes5/x86_64/apache-mpm-prefork-2.2.27-0.1mdvmes5.2.x86_64.rpm
 5ee83c2ddd05bc4bf4b181572901e4d1  mes5/x86_64/apache-mpm-worker-2.2.27-0.1mdvmes5.2.x86_64.rpm
 148c679fdebbcfc2db352e54e2601986  mes5/x86_64/apache-source-2.2.27-0.1mdvmes5.2.x86_64.rpm 
 2507314b81d2c933cf4879c6d0f19c18  mes5/SRPMS/apache-2.2.27-0.1mdvmes5.2.src.rpm
 d5e8602ed0ea75413c7ad540c1bd4cb3  mes5/SRPMS/apache-conf-2.2.27-0.1mdvmes5.2.src.rpm
 c8f195227825c721a4c618cf31cf5fcb  mes5/SRPMS/apache-mod_suexec-2.2.27-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 728c1edd6393661989108a7366c17153  mbs1/x86_64/apache-2.2.27-1.mbs1.x86_64.rpm
 88c168a73dd792a713b8a1fddbb7064a  mbs1/x86_64/apache-devel-2.2.27-1.mbs1.x86_64.rpm
 80c94adda8494d789468fb91f94667ca  mbs1/x86_64/apache-doc-2.2.27-1.mbs1.noarch.rpm
 24e02863dab7c758e53057ab83473654  mbs1/x86_64/apache-htcacheclean-2.2.27-1.mbs1.x86_64.rpm
 e7bcff8aadefad739f730aacf2bfe40f  mbs1/x86_64/apache-mod_authn_dbd-2.2.27-1.mbs1.x86_64.rpm
 ed043b70acda2c73dac9e1a3d1e557ea  mbs1/x86_64/apache-mod_cache-2.2.27-1.mbs1.x86_64.rpm
 c1c03eab1681f186752f0944b2b5d70a  mbs1/x86_64/apache-mod_dav-2.2.27-1.mbs1.x86_64.rpm
 f5be2ccab0a0d6ff085117643e189df8  mbs1/x86_64/apache-mod_dbd-2.2.27-1.mbs1.x86_64.rpm
 177ef274249c7d0f393cc22b62f4d9a2  mbs1/x86_64/apache-mod_deflate-2.2.27-1.mbs1.x86_64.rpm
 0a30594a7e7aeb0871c5cfa94d942d5a  mbs1/x86_64/apache-mod_disk_cache-2.2.27-1.mbs1.x86_64.rpm
 67702789c9838c767c023a1bb2571fac  mbs1/x86_64/apache-mod_file_cache-2.2.27-1.mbs1.x86_64.rpm
 f72e3480d50dfbcdd776ff07ec5d31f0  mbs1/x86_64/apache-mod_ldap-2.2.27-1.mbs1.x86_64.rpm
 df6b4e550100e4f8532e7d4a4c7c18e3  mbs1/x86_64/apache-mod_mem_cache-2.2.27-1.mbs1.x86_64.rpm
 c69d91ebc72f15221aa56fee982b35cc  mbs1/x86_64/apache-mod_proxy-2.2.27-1.mbs1.x86_64.rpm
 6dce9fabb3d6c6e482fbdc640f852506  mbs1/x86_64/apache-mod_proxy_ajp-2.2.27-1.mbs1.x86_64.rpm
 b30af36aeee0d8f2d4f5fd1cc801c8eb  mbs1/x86_64/apache-mod_proxy_scgi-2.2.27-1.mbs1.x86_64.rpm
 11abe25adefdaaf6955e5636fa6be368  mbs1/x86_64/apache-mod_reqtimeout-2.2.27-1.mbs1.x86_64.rpm
 7afd66d37f530771bb50559224513558  mbs1/x86_64/apache-mod_ssl-2.2.27-1.mbs1.x86_64.rpm
 521f46b704f64869e2ae142489ba8f4e  mbs1/x86_64/apache-mod_suexec-2.2.27-1.mbs1.x86_64.rpm
 73e41eaade715b59c51739e937d49d97  mbs1/x86_64/apache-mod_userdir-2.2.27-1.mbs1.x86_64.rpm
 183176fe544deffab73e187a6b6837df  mbs1/x86_64/apache-mpm-event-2.2.27-1.mbs1.x86_64.rpm
 153d52dbca8cef01eb71210c7877f7ce  mbs1/x86_64/apache-mpm-itk-2.2.27-1.mbs1.x86_64.rpm
 ffe2a2ad92be8303db5f33a551af70d8  mbs1/x86_64/apache-mpm-peruser-2.2.27-1.mbs1.x86_64.rpm
 78cba8364678e0ec37727955557be71a  mbs1/x86_64/apache-mpm-prefork-2.2.27-1.mbs1.x86_64.rpm
 4fb059e3c63e99c36c05a2cf98485247  mbs1/x86_64/apache-mpm-worker-2.2.27-1.mbs1.x86_64.rpm
 8822901f7d57c4f280b029dd6e9157d3  mbs1/x86_64/apache-source-2.2.27-1.mbs1.noarch.rpm 
 0e308e214a758f2e703059db6b11103c  mbs1/SRPMS/apache-2.2.27-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTKq52mqjQ0CJFipgRAnE4AJ9VvdPz8fTEBhXeuOOpB4ICr/mSXgCgjjqo
tbRNgzbwe6j2OyL9Q3x9jM8=
=T90d
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ