lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1KecpZ-0000Lo-Cj@titan.mandriva.com>
Date: Sat, 13 Sep 2008 15:39:01 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:194 ] apache2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:194
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache2
 Date    : September 13, 2008
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A cross-site scripting vulnerability was found in the mod_proxy_ftp
 module in Apache that allowed remote attackers to inject arbitrary
 web script or HTML via wildcards in a pathname in an FTP URI
 (CVE-2008-2939).
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 cb99d8d30c755c2263624e64a238c97b  corporate/3.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm
 0a6626ff589e99899aea1cb6ba2bb568  corporate/3.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm
 e1a2c5e55038bb1aacf3cef6bbb8fab0  corporate/3.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm
 b2d0e0bc451473385825fc2388026ae4  corporate/3.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm
 d78741b6fcab8f07976960b105e02bfe  corporate/3.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm
 290b0f2bca9765f895cdb3a876b122eb  corporate/3.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm
 62565a3e6a93e65aad4d51806a457ed0  corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm
 e33734d21a417e096b80134a228a8907  corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm
 14841928e53e8f2133d26707f073cf5a  corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm
 695859dc62af2282917471ba5564efd5  corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm
 8e0f0388b7e995a622b0b1c055d20167  corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm
 f798de71bbc16988699156be21fb22cc  corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm
 90d80910a1dad80b21f76234983c4648  corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm
 b294270cd780a9908db877daeaab7fd0  corporate/3.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm
 16f0e826993f524fb0e14744513cd6bd  corporate/3.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm
 7d2e73a5d629b9c8ca467303dc35c041  corporate/3.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm 
 0e474bcf2388dfa4e9b8eec44af8613a  corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 839d73dc124b3effbc26badb04390bd5  corporate/3.0/x86_64/apache2-2.0.48-6.18.C30mdk.x86_64.rpm
 b68fc8aad0b43452f922833f0195b080  corporate/3.0/x86_64/apache2-common-2.0.48-6.18.C30mdk.x86_64.rpm
 74a1af859a3251b4c3a2922367516c1f  corporate/3.0/x86_64/apache2-devel-2.0.48-6.18.C30mdk.x86_64.rpm
 4e15a214cfc255906f417af5d51f269a  corporate/3.0/x86_64/apache2-manual-2.0.48-6.18.C30mdk.x86_64.rpm
 0fe9472b70e6dd39fc737f88d887fe00  corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.18.C30mdk.x86_64.rpm
 24517b150a1de83c3b83166a1956c7ab  corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.18.C30mdk.x86_64.rpm
 a6e7688aa8659163a7931a85fc431cdf  corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.18.C30mdk.x86_64.rpm
 85bd4c5ecce52d0de6a36dd8614c4f26  corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.x86_64.rpm
 b642855a2edf425463a70cfc5c529114  corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.18.C30mdk.x86_64.rpm
 5efb348be022e755dc3b96c35e918b7d  corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.18.C30mdk.x86_64.rpm
 def1cb6a2ee3f4341dd39fd1d007f882  corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.x86_64.rpm
 fcfd2805b8db60cb457b3c895777a916  corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.18.C30mdk.x86_64.rpm
 073d91c0d9777658e962014440701ef6  corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.18.C30mdk.x86_64.rpm
 ee0bf865aee32c3b1f8eff7d0096e475  corporate/3.0/x86_64/apache2-modules-2.0.48-6.18.C30mdk.x86_64.rpm
 6733a938a7d2db502fc06db65743ddc3  corporate/3.0/x86_64/apache2-source-2.0.48-6.18.C30mdk.x86_64.rpm
 2b7d2fb2c34fefafff86bde620eca69d  corporate/3.0/x86_64/lib64apr0-2.0.48-6.18.C30mdk.x86_64.rpm 
 0e474bcf2388dfa4e9b8eec44af8613a  corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 0767fe397bd9e35301bbb89c38f670ce  mnf/2.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm
 738b0e7514d1e69cc01bc4ebfc191b6f  mnf/2.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm
 ddff71afd9d60987ec952f411c017a3a  mnf/2.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm
 2d22c245ef43e13e7fdc62e91a43dc6c  mnf/2.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm
 0d2484f67a8524c40ce8c747bf5902db  mnf/2.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm
 c355dabc05d922129aa7af76fc6fa350  mnf/2.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm
 624a8f0e66f8536c31d1dda8e48bc790  mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm
 8e8e3da47f17ead30794a37b64e0018a  mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm
 66c58438edb5928ce3cddcab4f870fdd  mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm
 1c3738bd489905b7e9cea22af4693ab9  mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm
 7d49a07cfa1f06297e64fd60e640c3af  mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm
 4d4123c3751e6ad0a87b9a7e4683b34e  mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm
 740418f2f1a03bb5588603a2fb3f72db  mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm
 33cd3e8bdab33eeb9a8bc1d5dcf87831  mnf/2.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm
 adad509aeb921896619eff3208e62ca8  mnf/2.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm
 a9703ad89a3b53677ccc2c4f90aae9bf  mnf/2.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm 
 3e93f31336660bfc08664cb01436559d  mnf/2.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIzAh9mqjQ0CJFipgRAvjBAJ9W89EjJMDlaapWkHsLCSFdT2NMJwCfV5u+
5FopksLe1/tYWDe+lrD0sPY=
=SZ7O
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ