| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Jul 2007 21:56:57 -0600 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDKSA-2007:141 ] - Updated apache packages fix multiple security issues -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:141 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : July 4, 2007 Affected: Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled (CVE-2006-5752). A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM (CVE-2007-1863). Updated packages have been patched to prevent the above issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 _______________________________________________________________________ Updated Packages: Corporate 3.0: 33b4ae40c9eedadc7ea05bbb79a8a023 corporate/3.0/i586/apache2-2.0.48-6.14.C30mdk.i586.rpm 0d2db18ac10c77ab4486c3b3f693b3c9 corporate/3.0/i586/apache2-common-2.0.48-6.14.C30mdk.i586.rpm 530dc14f5f5c28f0c41c28263be70c66 corporate/3.0/i586/apache2-devel-2.0.48-6.14.C30mdk.i586.rpm 23d8731286c81b5ef69e6c743d064751 corporate/3.0/i586/apache2-manual-2.0.48-6.14.C30mdk.i586.rpm fecdea1f465f55798f44dfb54f5d505d corporate/3.0/i586/apache2-mod_cache-2.0.48-6.14.C30mdk.i586.rpm 76b1905e2f629f6b7f44965157edc9f8 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.14.C30mdk.i586.rpm d444c58838c9b6bfb165f20e3947fa71 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.14.C30mdk.i586.rpm bbf3e12adee9e972716c6d9b3b00024a corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.14.C30mdk.i586.rpm 0a4de57e75712e4972cec7be5ea028c1 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.14.C30mdk.i586.rpm d3ad1ad4b8d2e6ac0326f319d22c4736 corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.14.C30mdk.i586.rpm 38c489f26dbc7fafb4fb7014310648f8 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.14.C30mdk.i586.rpm 84a4b113c4eb28004920fda04bf6e4c5 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.14.C30mdk.i586.rpm 39a8ff0956dd1087e14958ce141efaec corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.14.C30mdk.i586.rpm d240e12e5c70884a03d4a4e93c121678 corporate/3.0/i586/apache2-modules-2.0.48-6.14.C30mdk.i586.rpm 8df7637f83d086df49f35caa9efb823e corporate/3.0/i586/apache2-source-2.0.48-6.14.C30mdk.i586.rpm d27c0cc4ee311add44ab39386cda6327 corporate/3.0/i586/libapr0-2.0.48-6.14.C30mdk.i586.rpm 412819e938a35e65159856b6df26d0a3 corporate/3.0/SRPMS/apache2-2.0.48-6.14.C30mdk.src.rpm Corporate 3.0/X86_64: dfccabfd0496f8c43190e8a3fb8126c4 corporate/3.0/x86_64/apache2-2.0.48-6.14.C30mdk.x86_64.rpm 611a03bcb215fea9cdbcb9947e4c2fe5 corporate/3.0/x86_64/apache2-common-2.0.48-6.14.C30mdk.x86_64.rpm 5a0b8194418b87bb5c876689074dae73 corporate/3.0/x86_64/apache2-devel-2.0.48-6.14.C30mdk.x86_64.rpm 243acf8278d50e8aa3603ee66888bee5 corporate/3.0/x86_64/apache2-manual-2.0.48-6.14.C30mdk.x86_64.rpm 3c7e59abeaadf6e7b79625aa7c2a8feb corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.14.C30mdk.x86_64.rpm ea0051d179e89eb578784da0a06ba515 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.14.C30mdk.x86_64.rpm cedc742db5f95e6cfa514ca272a0beb8 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.14.C30mdk.x86_64.rpm 52ea68be3a7d00bfcfb295bf7c838fd8 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.14.C30mdk.x86_64.rpm a34a7ef7a90245843abd29a901982458 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.14.C30mdk.x86_64.rpm ebf80868b29fbcec3cfe98f97c9c039a corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.14.C30mdk.x86_64.rpm 9498d52515df024b731c77e86ec8ca80 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.14.C30mdk.x86_64.rpm 4d2f6004a024770a542110ddb458d331 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.14.C30mdk.x86_64.rpm 0ba5b39fe791c256f1bcfc31f0283244 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.14.C30mdk.x86_64.rpm da4637c7b4465764f4813d2c2aee33c2 corporate/3.0/x86_64/apache2-modules-2.0.48-6.14.C30mdk.x86_64.rpm 8404598ff3c49d98ba12067f32cce34c corporate/3.0/x86_64/apache2-source-2.0.48-6.14.C30mdk.x86_64.rpm 6fcf4bc783925e54682204f364bfd8ff corporate/3.0/x86_64/lib64apr0-2.0.48-6.14.C30mdk.x86_64.rpm 412819e938a35e65159856b6df26d0a3 corporate/3.0/SRPMS/apache2-2.0.48-6.14.C30mdk.src.rpm Multi Network Firewall 2.0: 3b66d4eaf4091aede0930ec9301064a0 mnf/2.0/i586/apache2-2.0.48-6.14.M20mdk.i586.rpm c94a8966ab3b67071429c14c1eb899f2 mnf/2.0/i586/apache2-common-2.0.48-6.14.M20mdk.i586.rpm dadac33ef4982ab11d5598997d4e4d1d mnf/2.0/i586/apache2-devel-2.0.48-6.14.M20mdk.i586.rpm 9dbe03b9bebae8ce4e4703e210e2c1fa mnf/2.0/i586/apache2-manual-2.0.48-6.14.M20mdk.i586.rpm 7c977a7a26bbeaafa3a799ebd0559ea5 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.14.M20mdk.i586.rpm 2e47db770a1a974710d5dae1ca290936 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.14.M20mdk.i586.rpm e0319ec65d680b04fc0768dcb62e009c mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.14.M20mdk.i586.rpm 56487fcc42cf1213f629eb8e2c0166a8 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.14.M20mdk.i586.rpm f04b85763fe99b9a8675693540abbba9 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.14.M20mdk.i586.rpm d64c6bb4f71752fffcfea7fa6df6e9d5 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.14.M20mdk.i586.rpm 032d38f08b994e8056b7a45b41d6779b mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.14.M20mdk.i586.rpm 4daa1573e3b352ae0876ced8a816ddc1 mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.14.M20mdk.i586.rpm 68aa23dad66ad710e96750abab87c359 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.14.M20mdk.i586.rpm 95b0de0c80b432e4fe82e745408417e6 mnf/2.0/i586/apache2-modules-2.0.48-6.14.M20mdk.i586.rpm d80dca1b0b2a7870f3d65424342b8f1b mnf/2.0/i586/apache2-source-2.0.48-6.14.M20mdk.i586.rpm 4ef56c99d09113cb3139bf3b89b35d86 mnf/2.0/i586/libapr0-2.0.48-6.14.M20mdk.i586.rpm 542f190bea765d0d80dc660396078538 mnf/2.0/SRPMS/apache2-2.0.48-6.14.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGjEEPmqjQ0CJFipgRAuYaAJ49WMOSIRzYWAfA2I5MZqJ5UHOCiQCfWKIT MjP/AAbsJuhDQISFHH01wow= =xNXK -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists