Message-Id: <E1XPY9k-00048z-LS@titan.mandriva.com>
Date: Thu, 04 Sep 2014 16:37:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:174 ] apache
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:174
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : apache
Date : September 4, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in apache (ASF HTTPD):
The mod_headers module in the Apache HTTP Server 2.2.22 allows
remote attackers to bypass RequestHeader unset directives by placing
a header in the trailer portion of data sent with chunked transfer
coding. NOTE: the vendor states this is not a security issue in httpd
as such. (CVE-2013-5704).
The updated packages have been upgraded to the latest 2.2.29 version
which is not vulnerable to this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUCGsAmqjQ0CJFipgRAkD6AJ0eiJQ1D34BwBWCXxHIetoukCjAawCgze3z
ztA2F7284689+WB9M+caBLw=
=8+uD
-----END PGP SIGNATURE-----
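The trailer mechanism named in the Problem Description, as an added example (not part of the Mandriva advisory and not httpd code): a Python check that splits a chunked request into headers, body and trailer fields, then flags trailer fields naming a header the front end is expected to strip. The `WATCHED` header names, the function names and the sample request are constructed for illustration.

```python
WATCHED = {"x-forwarded-user", "x-internal-auth"}  # assumed: names a RequestHeader unset rule strips

def _fields(block):
    """Parse CRLF-separated 'Name: value' lines into (lowercased name, value) pairs."""
    out = []
    for line in block.split(b"\r\n"):
        if b":" in line:
            name, value = line.split(b":", 1)
            out.append((name.strip().lower().decode("latin-1"), value.strip().decode("latin-1")))
    return out

def split_chunked_request(raw):
    """Return (headers, body, trailers) for one complete HTTP/1.1 request."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    _, _, header_block = head.partition(b"\r\n")   # drop the request line
    headers = _fields(header_block)
    if not any(n == "transfer-encoding" and "chunked" in v.lower() for n, v in headers):
        return headers, rest, []                   # not chunked: no trailer section exists
    body, pos = b"", 0
    while True:
        eol = rest.index(b"\r\n", pos)             # ValueError on truncated input
        size = int(rest[pos:eol].split(b";", 1)[0].strip(), 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            break
        body += rest[pos:pos + size]
        pos += size + 2                            # skip chunk data and its CRLF
    # Everything between the last-chunk line and the final blank line is the trailer section.
    trailer_block = rest[pos:].split(b"\r\n\r\n", 1)[0]
    return headers, body, _fields(trailer_block)

def trailer_findings(raw, watched=WATCHED):
    """List (name, reason) for trailer fields that header filtering never saw."""
    headers, _, trailers = split_chunked_request(raw)
    header_names = {n for n, _ in headers}
    findings = []
    for name, _ in trailers:
        if name in watched:
            findings.append((name, "watched header supplied in trailer"))
        elif name in header_names:
            findings.append((name, "trailer repeats a request header"))
    return findings

# Constructed sample request: one 5-byte chunk followed by a trailer field.
SAMPLE = (b"POST /app HTTP/1.1\r\nHost: www.example.test\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n"
          b"5\r\nhello\r\n0\r\n"
          b"X-Internal-Auth: constructed-value\r\n\r\n")
```

Running `trailer_findings` over captured requests at a proxy or in a test harness shows whether any client is sending trailer fields that header-based access rules would otherwise miss.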