lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040629231427.5703.qmail@updates.mandrakesoft.com>
From: security at linux-mandrake.com (Mandrake Linux Security Team)
Subject: MDKSA-2004:065 - Updated apache packages fix buffer overflow vulnerability in mod_proxy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache
 Advisory ID:            MDKSA-2004:065
 Date:                   June 29th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A buffer overflow vulnerability was found by George Guninski in
 Apache's mod_proxy module, which can be exploited by a remote user
 to potentially execute arbitrary code with the privileges of an
 httpd child process (user apache).  This can only be exploited,
 however, if mod_proxy is actually in use.
 
 It is recommended that you stop Apache prior to updating and then
 restart it again once the update is complete ("service httpd stop"
 and "service httpd start" respectively).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492
  http://www.guninski.com/modproxy1.html
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 3c7630ddf9e8e8a87fb0a4b16717c86d  10.0/RPMS/apache-1.3.29-1.2.100mdk.i586.rpm
 d450542efae157588cf02fcfb7ce18bd  10.0/RPMS/apache-devel-1.3.29-1.2.100mdk.i586.rpm
 ebec3b55ec6d2b1db7756a5a71b19fd3  10.0/RPMS/apache-modules-1.3.29-1.2.100mdk.i586.rpm
 8a718d665b832ca4a79b0fcd8ab911f0  10.0/RPMS/apache-source-1.3.29-1.2.100mdk.i586.rpm
 2e659040e210fa92b2ad5458cbd2227f  10.0/SRPMS/apache-1.3.29-1.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 3965ed52ddb399405a96d5ef5c1c9b80  amd64/10.0/RPMS/apache-1.3.29-1.2.100mdk.amd64.rpm
 0efc45ba61377eb7ad257d7fed8eccf1  amd64/10.0/RPMS/apache-devel-1.3.29-1.2.100mdk.amd64.rpm
 7a7e8c0d0c49825e91419cfc43461099  amd64/10.0/RPMS/apache-modules-1.3.29-1.2.100mdk.amd64.rpm
 2455fa5f7a3c9c39575d203cb336b527  amd64/10.0/RPMS/apache-source-1.3.29-1.2.100mdk.amd64.rpm
 2e659040e210fa92b2ad5458cbd2227f  amd64/10.0/SRPMS/apache-1.3.29-1.2.100mdk.src.rpm

 Corporate Server 2.1:
 7ee272946f5933718ed052f2a8ea3a5c  corporate/2.1/RPMS/apache-1.3.26-7.2.C21mdk.i586.rpm
 bd1586af647cc0bd29b474c213d0d1d6  corporate/2.1/RPMS/apache-common-1.3.26-7.2.C21mdk.i586.rpm
 84c2fce310207060141864a65d6e18ea  corporate/2.1/RPMS/apache-devel-1.3.26-7.2.C21mdk.i586.rpm
 ea3badd6c5f97eae2c77497662c3f588  corporate/2.1/RPMS/apache-manual-1.3.26-7.2.C21mdk.i586.rpm
 0f7b7fbf3e826250a21e246225e750b9  corporate/2.1/RPMS/apache-modules-1.3.26-7.2.C21mdk.i586.rpm
 2e52cbec6e2b6dd60b9792854c1cc323  corporate/2.1/RPMS/apache-source-1.3.26-7.2.C21mdk.i586.rpm
 c80aef846628f4a4d7baf59722c3ebea  corporate/2.1/SRPMS/apache-1.3.26-7.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 e08cece5bbc816e7e0e17297bc6feec9  x86_64/corporate/2.1/RPMS/apache-1.3.26-7.2.C21mdk.x86_64.rpm
 e15d6518f1a98094232ee91545031d8c  x86_64/corporate/2.1/RPMS/apache-common-1.3.26-7.2.C21mdk.x86_64.rpm
 71d81d5fbc9e1e1e7aa1d53c16a427ff  x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-7.2.C21mdk.x86_64.rpm
 6208b9d0f0858b92108ec7c05e34fa0d  x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-7.2.C21mdk.x86_64.rpm
 4c18d17a03140eb76c5b7159030ca67d  x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-7.2.C21mdk.x86_64.rpm
 80bb1c5f6e7a41ccdf77fbc74ec91a9f  x86_64/corporate/2.1/RPMS/apache-source-1.3.26-7.2.C21mdk.x86_64.rpm
 c80aef846628f4a4d7baf59722c3ebea  x86_64/corporate/2.1/SRPMS/apache-1.3.26-7.2.C21mdk.src.rpm

 Mandrakelinux 9.1:
 0f24006e8ff29fbaa2e9e48d95e9e493  9.1/RPMS/apache-1.3.27-8.3.91mdk.i586.rpm
 b8ee1b7b773b4399ae10f57860180b79  9.1/RPMS/apache-devel-1.3.27-8.3.91mdk.i586.rpm
 5ef66d25cfc031c10eab53f2907b15dd  9.1/RPMS/apache-modules-1.3.27-8.3.91mdk.i586.rpm
 85528359234a3d5a118893c480f20862  9.1/RPMS/apache-source-1.3.27-8.3.91mdk.i586.rpm
 5353af41517365b5007cac19508eee37  9.1/SRPMS/apache-1.3.27-8.3.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 38d721f0c30b824e268f54eea437e8a9  ppc/9.1/RPMS/apache-1.3.27-8.3.91mdk.ppc.rpm
 fc2349a3a233209c95f85bb9f18da270  ppc/9.1/RPMS/apache-devel-1.3.27-8.3.91mdk.ppc.rpm
 9448f73715ffbb2a3a9a0415dfaa2745  ppc/9.1/RPMS/apache-modules-1.3.27-8.3.91mdk.ppc.rpm
 2d68de368b93897ba2f2675490ad838e  ppc/9.1/RPMS/apache-source-1.3.27-8.3.91mdk.ppc.rpm
 5353af41517365b5007cac19508eee37  ppc/9.1/SRPMS/apache-1.3.27-8.3.91mdk.src.rpm

 Mandrakelinux 9.2:
 9635d7e327fd8bee822a4bbbb3a56da0  9.2/RPMS/apache-1.3.28-3.3.92mdk.i586.rpm
 ce3a540397e2c0a77650a47a91c8619a  9.2/RPMS/apache-devel-1.3.28-3.3.92mdk.i586.rpm
 5389d198986e1714ebb6a0e687dce0f0  9.2/RPMS/apache-modules-1.3.28-3.3.92mdk.i586.rpm
 ce34d1cc91996c84f12189580ae6dafd  9.2/RPMS/apache-source-1.3.28-3.3.92mdk.i586.rpm
 908ea9a964fec711bc25fbc7b7e9dc0f  9.2/SRPMS/apache-1.3.28-3.3.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 dee14b276676f203fceb1ca658876d24  amd64/9.2/RPMS/apache-1.3.28-3.3.92mdk.amd64.rpm
 4750abf196f44eb4aff051c4113a07a4  amd64/9.2/RPMS/apache-devel-1.3.28-3.3.92mdk.amd64.rpm
 c0eb375d43f0bad4ae8e4d4b121c72af  amd64/9.2/RPMS/apache-modules-1.3.28-3.3.92mdk.amd64.rpm
 75307fd56c0260e77399c46730506bd8  amd64/9.2/RPMS/apache-source-1.3.28-3.3.92mdk.amd64.rpm
 908ea9a964fec711bc25fbc7b7e9dc0f  amd64/9.2/SRPMS/apache-1.3.28-3.3.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA4ffTmqjQ0CJFipgRAlhhAKCiL3x4ky36IOmPxdRwn17UI/rrugCfcjOZ
tOR0bKodwHzWnRnb0sP3fBk=
=rAKF
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ