lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HbjLa-00017W-4u@artemis.annvix.ca>
Date: Wed, 11 Apr 2007 14:23:18 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:083 ] - Updated apache-mod_perl
	packages fix DoS vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:083
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : apache-mod_perl
 Date    : April 11, 2007
 Affected: 2006.0, 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm
 in mod_perl 2.x, does not properly escape PATH_INFO before use in a
 regular expression, which allows remote attackers to cause a denial
 of service (resource consumption) via a crafted URI.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 36fc6ebd1647bf1cd0d404f19342ad7e  2006.0/i586/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.i586.rpm
 02dce36084140d70e829e47d960ea576  2006.0/i586/apache-mod_perl-devel-2.0.54_2.0.1-6.1.20060mdk.i586.rpm 
 0b880a7578f7f0d4378f9e21204696c9  2006.0/SRPMS/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 fa69d3b6658b440e244404c8a27dc31a  2006.0/x86_64/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.x86_64.rpm
 e2cd324ddefb059d9e15c7cf29378dd6  2006.0/x86_64/apache-mod_perl-devel-2.0.54_2.0.1-6.1.20060mdk.x86_64.rpm 
 0b880a7578f7f0d4378f9e21204696c9  2006.0/SRPMS/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 a5144771fa71b818e2d89f8c417c5243  2007.0/i586/apache-mod_perl-2.0.2-8.1mdv2007.0.i586.rpm
 a165f6820d6c1ffd2cfc671aa2a44310  2007.0/i586/apache-mod_perl-devel-2.0.2-8.1mdv2007.0.i586.rpm 
 a3829703a55a306a1132d496e63ec652  2007.0/SRPMS/apache-mod_perl-2.0.2-8.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 af928b60d4291c583bad0f4c04ca6169  2007.0/x86_64/apache-mod_perl-2.0.2-8.1mdv2007.0.x86_64.rpm
 e54445500f5ca4a28a3a4bbb2223d792  2007.0/x86_64/apache-mod_perl-devel-2.0.2-8.1mdv2007.0.x86_64.rpm 
 a3829703a55a306a1132d496e63ec652  2007.0/SRPMS/apache-mod_perl-2.0.2-8.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 e52c43b0f7a66915e4c76aae38d3877b  2007.1/i586/apache-mod_perl-2.0.3-3.1mdv2007.1.i586.rpm
 01fcca2beb3f2c79d9f4ac8aae13c631  2007.1/i586/apache-mod_perl-devel-2.0.3-3.1mdv2007.1.i586.rpm 
 3d752f5e1d08baf118da6ce8407a4ee7  2007.1/SRPMS/apache-mod_perl-2.0.3-3.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 e969fb39acb7ce53cf8528fbc6283a9d  2007.1/x86_64/apache-mod_perl-2.0.3-3.1mdv2007.1.x86_64.rpm
 4d43ab40be1bd7b404866ae0af6e2663  2007.1/x86_64/apache-mod_perl-devel-2.0.3-3.1mdv2007.1.x86_64.rpm 
 3d752f5e1d08baf118da6ce8407a4ee7  2007.1/SRPMS/apache-mod_perl-2.0.3-3.1mdv2007.1.src.rpm

 Corporate 3.0:
 e5e446755e5b3b403e573ee356bd01be  corporate/3.0/i586/HTML-Embperl-1.3.29_1.3.6-3.2.C30mdk.i586.rpm
 1399d977fdae6085bc59102b8577c052  corporate/3.0/i586/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.i586.rpm
 c49b2f2564a381aa22dd02b9d4f7c607  corporate/3.0/i586/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.i586.rpm
 f2534e8cd62267e0cfffb147323e816c  corporate/3.0/i586/apache2-mod_perl-devel-2.0.48_1.99_11-3.1.C30mdk.i586.rpm
 cd85d71d94598d066a912b57ea8b1534  corporate/3.0/i586/mod_perl-common-1.3.29_1.29-3.2.C30mdk.i586.rpm
 32700fd599acc6d2e012f00155586bc1  corporate/3.0/i586/mod_perl-devel-1.3.29_1.29-3.2.C30mdk.i586.rpm 
 0ff32be9c7e314b93142b25c0ccfc3ff  corporate/3.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.src.rpm
 672b33503464c59bdda5025f1004ab0b  corporate/3.0/SRPMS/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 afc8e04510079792d9bf6a2c43dad3cf  corporate/3.0/x86_64/HTML-Embperl-1.3.29_1.3.6-3.2.C30mdk.x86_64.rpm
 35977f84e3a1ce37e0f5a50814675c7a  corporate/3.0/x86_64/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.x86_64.rpm
 a8c7bd9351bcc6c83b204646df7bffdd  corporate/3.0/x86_64/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.x86_64.rpm
 397ad0e9ea70f6f0bcdae436b7dd4e53  corporate/3.0/x86_64/apache2-mod_perl-devel-2.0.48_1.99_11-3.1.C30mdk.x86_64.rpm
 42c4e59c5174e84b7b7659de0f6d0b3e  corporate/3.0/x86_64/mod_perl-common-1.3.29_1.29-3.2.C30mdk.x86_64.rpm
 7acc7a6c50b41a4c9900910a0c1b3ec0  corporate/3.0/x86_64/mod_perl-devel-1.3.29_1.29-3.2.C30mdk.x86_64.rpm 
 0ff32be9c7e314b93142b25c0ccfc3ff  corporate/3.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.src.rpm
 672b33503464c59bdda5025f1004ab0b  corporate/3.0/SRPMS/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.src.rpm

 Corporate 4.0:
 c7dbc8d2b1f4a7959cc8ba28b229512c  corporate/4.0/i586/apache-mod_perl-2.0.2-8.1.20060mlcs4.i586.rpm
 88e16a7e0755a3a1fe987f6f2c44336c  corporate/4.0/i586/apache-mod_perl-devel-2.0.2-8.1.20060mlcs4.i586.rpm 
 b540d29b6047b936c56df54fc112840a  corporate/4.0/SRPMS/apache-mod_perl-2.0.2-8.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 737b44aec85fe3177a10c95e42394f08  corporate/4.0/x86_64/apache-mod_perl-2.0.2-8.1.20060mlcs4.x86_64.rpm
 f0244a54e2366d511486a2b4a0243ccb  corporate/4.0/x86_64/apache-mod_perl-devel-2.0.2-8.1.20060mlcs4.x86_64.rpm 
 b540d29b6047b936c56df54fc112840a  corporate/4.0/SRPMS/apache-mod_perl-2.0.2-8.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGHRdnmqjQ0CJFipgRAmM3AJ0dCUFSNgHIopnkGxxq7QmSq14USACgzUh5
ZiE5MNK/HPOqatceHTXd/fk=
=VF/5
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ