Message-Id: <E1XPY9k-00048z-LS@titan.mandriva.com>
Date: Thu, 04 Sep 2014 16:37:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:174 ] apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:174
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : apache
 Date    : September 4, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in apache (ASF HTTPD):
 
 The mod_headers module in the Apache HTTP Server 2.2.22 allows
 remote attackers to bypass RequestHeader unset directives by placing
 a header in the trailer portion of data sent with chunked transfer
 coding. NOTE: the vendor states this is not a security issue in httpd
 as such. (CVE-2013-5704).
 
 The updated packages have been upgraded to the latest 2.2.29 version
 which is not vulnerable to this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
 https://httpd.apache.org/security/vulnerabilities_24.html
 http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUCGsAmqjQ0CJFipgRAkD6AJ0eiJQ1D34BwBWCXxHIetoukCjAawCgze3z
ztA2F7284689+WB9M+caBLw=
=8+uD
-----END PGP SIGNATURE-----
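
A defender's check for the condition the advisory describes, added here as an example that is not part of the Mandriva advisory or of httpd: it walks the chunked framing of a raw request and reports trailer fields whose names match headers the configuration is meant to unset. The header name `X-Internal-Auth`, the sample request and all function names are constructed for illustration.

```python
# Added example: find trailer fields in a raw chunked HTTP/1.1 request.
# The request and the header name X-Internal-Auth are constructed samples.
SAMPLE_REQUEST = (
    b"POST /app HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"5\r\nhello\r\n"
    b"0\r\n"
    b"X-Internal-Auth: trusted\r\n"  # field sent after the last chunk
    b"\r\n"
)

def parse_field(line):
    name, _, value = line.partition(b":")
    return name.strip().lower().decode("latin-1"), value.strip().decode("latin-1")

def split_head(raw):
    """Return (header dict, body bytes) for one raw request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return dict(parse_field(l) for l in head.split(b"\r\n")[1:]), body

def read_trailers(body):
    """Return trailer fields as (name, value); ValueError on malformed framing."""
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0].strip(), 16)  # drop chunk extensions
        if size < 0:
            raise ValueError("negative chunk size")
        pos = eol + 2
        if size == 0:
            break
        pos += size + 2  # skip chunk data and its CRLF
    trailers = []
    while True:
        eol = body.index(b"\r\n", pos)
        if eol == pos:  # empty line ends the trailer section
            return trailers
        trailers.append(parse_field(body[pos:eol]))
        pos = eol + 2

def trailer_findings(raw, unset_headers):
    """Names of trailer fields that match headers the config is meant to unset."""
    headers, body = split_head(raw)
    if "chunked" not in headers.get("transfer-encoding", "").lower():
        return []
    watched = {h.lower() for h in unset_headers}
    return [name for name, _ in read_trailers(body) if name in watched]
```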
