lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1I0nSg-0004Z5-IB@artemis.annvix.ca>
Date: Tue, 19 Jun 2007 17:50:14 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:127 ] - Updated apache packages fix
	mod_mem_cache issue


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:127
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : apache
 Date    : June 19, 2007
 Affected: 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
 properly copy all levels of header data, which can cause Apache to
 return HTTP headers containing previously-used data, which could be
 used to obtain potentially sensitive information by unauthorized users.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 df215cfeb60037cfa93256a75127b65a  2007.1/i586/apache-base-2.2.4-6.1mdv2007.1.i586.rpm
 6cd861555039d06cd807b376b39650ad  2007.1/i586/apache-devel-2.2.4-6.1mdv2007.1.i586.rpm
 9479c5f3735db0cc7f9c66e7ccd1a206  2007.1/i586/apache-htcacheclean-2.2.4-6.1mdv2007.1.i586.rpm
 dc12e7ca2fd3733dcd3efb012acad4cc  2007.1/i586/apache-mod_authn_dbd-2.2.4-6.1mdv2007.1.i586.rpm
 4535f149502f37cab65aacebd7581471  2007.1/i586/apache-mod_cache-2.2.4-6.1mdv2007.1.i586.rpm
 5085f9e8d2aa6e38766efb4a9154d306  2007.1/i586/apache-mod_dav-2.2.4-6.1mdv2007.1.i586.rpm
 5ee61567d1288d16ed2307893554b1b7  2007.1/i586/apache-mod_dbd-2.2.4-6.1mdv2007.1.i586.rpm
 af13cd68fc98ffbc9e87cb0d65a5cd5b  2007.1/i586/apache-mod_deflate-2.2.4-6.1mdv2007.1.i586.rpm
 1e57f2992f30eb325896c5e8782ae2ea  2007.1/i586/apache-mod_disk_cache-2.2.4-6.1mdv2007.1.i586.rpm
 1c42fbe45621eaf9ac3feb6f49180340  2007.1/i586/apache-mod_file_cache-2.2.4-6.1mdv2007.1.i586.rpm
 84e50eb41ff1ceb96c967220073c245e  2007.1/i586/apache-mod_ldap-2.2.4-6.1mdv2007.1.i586.rpm
 d9180cbce5786167ea09c1ec95b6fc7d  2007.1/i586/apache-mod_mem_cache-2.2.4-6.1mdv2007.1.i586.rpm
 b4e17906ac249e5b02d31c7ec52cb49d  2007.1/i586/apache-mod_proxy-2.2.4-6.1mdv2007.1.i586.rpm
 dfb17e965b455ce2eac1c484364e1471  2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.1mdv2007.1.i586.rpm
 f9853d6370b283ef32279200770fd13b  2007.1/i586/apache-mod_ssl-2.2.4-6.1mdv2007.1.i586.rpm
 27b683c0dbc1ad12c05948d152b551ec  2007.1/i586/apache-mod_userdir-2.2.4-6.1mdv2007.1.i586.rpm
 6ecbb209db716ce8ae0f8668f132cf26  2007.1/i586/apache-modules-2.2.4-6.1mdv2007.1.i586.rpm
 5946ff0a4c99c9be909c4540cd971c76  2007.1/i586/apache-mpm-event-2.2.4-6.1mdv2007.1.i586.rpm
 bfc5894f8f209d4a3acc1b18ede81e4c  2007.1/i586/apache-mpm-itk-2.2.4-6.1mdv2007.1.i586.rpm
 c8a70a6a37ad584804399fd5af0b090c  2007.1/i586/apache-mpm-prefork-2.2.4-6.1mdv2007.1.i586.rpm
 b59dc391e2e9d696328497c9291784f4  2007.1/i586/apache-mpm-worker-2.2.4-6.1mdv2007.1.i586.rpm
 b05a56d0ab3ca75c55fd3f420a716c42  2007.1/i586/apache-source-2.2.4-6.1mdv2007.1.i586.rpm 
 24487530b467d8135e6ce36fc8cacb99  2007.1/SRPMS/apache-2.2.4-6.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 548305181ded6a4071662fdbbd610e0b  2007.1/x86_64/apache-base-2.2.4-6.1mdv2007.1.x86_64.rpm
 ec465046db3e57e2a06904816faa8e2d  2007.1/x86_64/apache-devel-2.2.4-6.1mdv2007.1.x86_64.rpm
 791eb1195bd01c52702e6310f032316e  2007.1/x86_64/apache-htcacheclean-2.2.4-6.1mdv2007.1.x86_64.rpm
 a0fe2302b171a519255687bf85601ddb  2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.1mdv2007.1.x86_64.rpm
 9c96d9f32465d62c4404061e4d0012d0  2007.1/x86_64/apache-mod_cache-2.2.4-6.1mdv2007.1.x86_64.rpm
 95884e90d15554745bf62c760101994b  2007.1/x86_64/apache-mod_dav-2.2.4-6.1mdv2007.1.x86_64.rpm
 7c152275d08a67fb28f4a975fc33c5b4  2007.1/x86_64/apache-mod_dbd-2.2.4-6.1mdv2007.1.x86_64.rpm
 490d50a3dc85cffef3a433138620f9c2  2007.1/x86_64/apache-mod_deflate-2.2.4-6.1mdv2007.1.x86_64.rpm
 c9a3cc01541535f9bbd02efdd433e81b  2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.1mdv2007.1.x86_64.rpm
 4e11d73fe34c4686a9e3c7ef2558097e  2007.1/x86_64/apache-mod_file_cache-2.2.4-6.1mdv2007.1.x86_64.rpm
 b38388ee91ccbdd853c57619e5320e77  2007.1/x86_64/apache-mod_ldap-2.2.4-6.1mdv2007.1.x86_64.rpm
 da76a4efd01613ef08521bcd5be12530  2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.1mdv2007.1.x86_64.rpm
 9d96a768da7e259fc11a0910eaef928b  2007.1/x86_64/apache-mod_proxy-2.2.4-6.1mdv2007.1.x86_64.rpm
 c4f13735ac30fc9f1b25c35c4c94a249  2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.1mdv2007.1.x86_64.rpm
 8ebbd94f20f1a128ea991b9ead983842  2007.1/x86_64/apache-mod_ssl-2.2.4-6.1mdv2007.1.x86_64.rpm
 245e8ce6f31412f7b42add83f0420f83  2007.1/x86_64/apache-mod_userdir-2.2.4-6.1mdv2007.1.x86_64.rpm
 45ab84161e1db80129d9ad240893e694  2007.1/x86_64/apache-modules-2.2.4-6.1mdv2007.1.x86_64.rpm
 5441fda9615d1fa5b222557ee721988a  2007.1/x86_64/apache-mpm-event-2.2.4-6.1mdv2007.1.x86_64.rpm
 dad68718c59d2634e5d5bfa492f46784  2007.1/x86_64/apache-mpm-itk-2.2.4-6.1mdv2007.1.x86_64.rpm
 59b064d4490d0996db8aeb1f25a3add9  2007.1/x86_64/apache-mpm-prefork-2.2.4-6.1mdv2007.1.x86_64.rpm
 e36d1a4b62f64c4a07027e4ec219e5c4  2007.1/x86_64/apache-mpm-worker-2.2.4-6.1mdv2007.1.x86_64.rpm
 bfc9e51db070106e3b0aaa90e7ab3afe  2007.1/x86_64/apache-source-2.2.4-6.1mdv2007.1.x86_64.rpm 
 24487530b467d8135e6ce36fc8cacb99  2007.1/SRPMS/apache-2.2.4-6.1mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGeEF1mqjQ0CJFipgRAk70AKCVARB8sDsHXzyCteiUrQNB4C6HfACgsedy
uzvbMIjWDoMk04wQB/HLLmM=
=4Juv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ