| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jan 2008 15:29:34 -0700 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2008:015 ] - Updated apache 2.0.x packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:015 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : January 16, 2008 Affected: Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A number of vulnerabilities were found and fixed in the Apache 2.0.x packages: A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publically available (CVE-2007-5000). A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publically available (CVE-2007-6388). A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled (CVE-2008-0005). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 _______________________________________________________________________ Updated Packages: Corporate 3.0: e0fabb0a832dc1204854ed23627c9071 corporate/3.0/i586/apache2-2.0.48-6.17.C30mdk.i586.rpm 2d99e3d8fcd7056dd0233dbc147e37e7 corporate/3.0/i586/apache2-common-2.0.48-6.17.C30mdk.i586.rpm 7bf8862eb0fff56e54a5e90e9933679b corporate/3.0/i586/apache2-devel-2.0.48-6.17.C30mdk.i586.rpm 1297ae9bf0bba4b2783641ba6ac576ee corporate/3.0/i586/apache2-manual-2.0.48-6.17.C30mdk.i586.rpm 3a418eec92eca0b9770c8197a8f80f07 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.17.C30mdk.i586.rpm 67f3a6a03a4726eb573c2155aaefdb76 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.17.C30mdk.i586.rpm 0b5cd07f4aa2ff89ed4c3fae36c5ca2b corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.17.C30mdk.i586.rpm 61b4e239c6cba376a4a62a52d7582158 corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.17.C30mdk.i586.rpm a6080f99a53ca66a9fcd56ee9ac09e21 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.17.C30mdk.i586.rpm 9652c8a568641754e49b971d79c8e52c corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.17.C30mdk.i586.rpm b3886d86008a0f46c9791d331938c11a corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.17.C30mdk.i586.rpm 3d1b7594ce0bee796de8d2937223f382 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.17.C30mdk.i586.rpm 3fd1abda5d04c8342288fd37fbbbd362 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.17.C30mdk.i586.rpm e8e643e3e779a8cc07399fb4ad1f6c15 corporate/3.0/i586/apache2-modules-2.0.48-6.17.C30mdk.i586.rpm e4b634876a9e7845ecf3679075c84ce1 corporate/3.0/i586/apache2-source-2.0.48-6.17.C30mdk.i586.rpm b3d0f3e54d76055f233caa5540a62036 corporate/3.0/i586/libapr0-2.0.48-6.17.C30mdk.i586.rpm 660176a97677746d6417ca0cf3351518 corporate/3.0/SRPMS/apache2-2.0.48-6.17.C30mdk.src.rpm Corporate 3.0/X86_64: e616f6ca90aaed6b7877c8e84ce61a6c corporate/3.0/x86_64/apache2-2.0.48-6.17.C30mdk.x86_64.rpm 9e5731c7d1635e92fdb026785a35e1fc corporate/3.0/x86_64/apache2-common-2.0.48-6.17.C30mdk.x86_64.rpm 3b7456191eb49e6aed0b239338890d50 corporate/3.0/x86_64/apache2-devel-2.0.48-6.17.C30mdk.x86_64.rpm ccfdfa7286c3be4e37b763eb8c56d9af corporate/3.0/x86_64/apache2-manual-2.0.48-6.17.C30mdk.x86_64.rpm 72ca899935c0b83b71e143d94cdc66f0 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.17.C30mdk.x86_64.rpm 5455176128af28271ceccac00947414b corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.17.C30mdk.x86_64.rpm f82082e4458ffdcf5f905af8da6fad68 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.17.C30mdk.x86_64.rpm a76d5d5aa57817d48c244d1a19db386a corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.17.C30mdk.x86_64.rpm 38bff396839955a9b2a52679b8e9730f corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.17.C30mdk.x86_64.rpm 8064518036a784af67f787edfd38b429 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.17.C30mdk.x86_64.rpm 5d780cd9a1448870ef2fb712a87e3b18 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.17.C30mdk.x86_64.rpm 0eb257d14aa0b920f0b8fed66fcb0758 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.17.C30mdk.x86_64.rpm a04aa093320e9c2c3b0d288a442c5821 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.17.C30mdk.x86_64.rpm 59b737044482d22b2299a32d6651fb8b corporate/3.0/x86_64/apache2-modules-2.0.48-6.17.C30mdk.x86_64.rpm 6745332fed3a6cd7cf6ec6a3ea2ab52e corporate/3.0/x86_64/apache2-source-2.0.48-6.17.C30mdk.x86_64.rpm 36a6313cf1bf1425e03d904a5f527831 corporate/3.0/x86_64/lib64apr0-2.0.48-6.17.C30mdk.x86_64.rpm 660176a97677746d6417ca0cf3351518 corporate/3.0/SRPMS/apache2-2.0.48-6.17.C30mdk.src.rpm Multi Network Firewall 2.0: 0d7296bc37c70931a79d5981c292b82f mnf/2.0/i586/apache2-2.0.48-6.17.M20mdk.i586.rpm e3db0e869074f6fbc15cbcdf66806c3e mnf/2.0/i586/apache2-common-2.0.48-6.17.M20mdk.i586.rpm 4a49046ee1c2e5bb3417783051caa28a mnf/2.0/i586/apache2-devel-2.0.48-6.17.M20mdk.i586.rpm 68838daa22fe4e47dd399d281e946b3f mnf/2.0/i586/apache2-manual-2.0.48-6.17.M20mdk.i586.rpm f51d2cc5178d9eb235681d0aeeea339c mnf/2.0/i586/apache2-mod_cache-2.0.48-6.17.M20mdk.i586.rpm e69c01851c2d17962479701d335f6d2a mnf/2.0/i586/apache2-mod_dav-2.0.48-6.17.M20mdk.i586.rpm 8294205320ee4047018adaacf79792f1 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.17.M20mdk.i586.rpm 66da17f8628f646f51b1f45a90eeb874 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.17.M20mdk.i586.rpm 631223e65b60be8067a7204e30ee5694 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.17.M20mdk.i586.rpm 8362b6016b1b2c6c3d6e4d6e450fec23 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.17.M20mdk.i586.rpm 44d23d4a8ba891c35b77c90a183df588 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.17.M20mdk.i586.rpm 086599e69c35f1836d37a17086d28ec2 mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.17.M20mdk.i586.rpm 20edb85556832d8d50b9320a8ea5ae53 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.17.M20mdk.i586.rpm 4e3eff355f26f4c441ad176a661ef483 mnf/2.0/i586/apache2-modules-2.0.48-6.17.M20mdk.i586.rpm de7fb4b98c0ae60caaf9e77bc8e4edf8 mnf/2.0/i586/apache2-source-2.0.48-6.17.M20mdk.i586.rpm 35a34eeb8b961d7813286955ba593f76 mnf/2.0/i586/libapr0-2.0.48-6.17.M20mdk.i586.rpm 705f99d354c34a20a6dd66421316096e mnf/2.0/SRPMS/apache2-2.0.48-6.17.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHjloPmqjQ0CJFipgRAsbpAKCb8ORrZQhVKCr66fR0RkPWZ1og6gCdG4L1 /0us5LoRpUVY43LbjUwmweE= =HDyE -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists