lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1L8MTM-0000Jx-GJ@titan.mandriva.com>
Date: Thu, 04 Dec 2008 15:15:00 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:237 ] apache2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:237
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache2
 Date    : December 4, 2008
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in the mod_proxy module in Apache where
 it did not limit the number of forwarded interim responses, allowing
 remote HTTP servers to cause a denial of service (memory consumption)
 via a large number of interim responses (CVE-2008-2364).
 
 This update also provides HTTP/1.1 compliance fixes.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 532973a116bcdf63ed72042b819b59cc  corporate/3.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm
 e2913623f1876d02e426bbca997f3435  corporate/3.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm
 2e583f46edd8e83d8071e1912fbcced6  corporate/3.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm
 83b6d9adea62a2c186f2acfb7372a8f0  corporate/3.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm
 f797d9dd78f6a75328f3156f4d97de54  corporate/3.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm
 1e13b9cf9ed69f69f1700d89e7b0a625  corporate/3.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm
 eeacd8fa60a510fe23a949303aefa934  corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm
 12978be0a831fb2164e8663e0aa96c16  corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm
 ff7133c4d2f3a18d5ca86398b6a3b482  corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm
 de43091c378ef1b0a465f409d4198c7d  corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm
 2a884bf3c648fe6e45bd1858e7ac8fca  corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm
 435c1058b34b3e5603e8502315d3f1be  corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm
 5a54d1929057b311ab83863fcfc6785b  corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm
 37bb90e385c1571579d604120cd1c1d4  corporate/3.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm
 377a8d1250fb1276e0c52fe89b63775a  corporate/3.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm
 2c6db35de4997018b043181957072182  corporate/3.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm 
 30da5c4069b7b8ea5b3bb13734ca0058  corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 43cb9996c4ad55ead2a2bba2a618b939  corporate/3.0/x86_64/apache2-2.0.48-6.19.C30mdk.x86_64.rpm
 898f1420c5fe218c748281c238da9d00  corporate/3.0/x86_64/apache2-common-2.0.48-6.19.C30mdk.x86_64.rpm
 b7ca472734ea5776cfecf1dd2315f71d  corporate/3.0/x86_64/apache2-devel-2.0.48-6.19.C30mdk.x86_64.rpm
 8ebd24059163cd8f8e22eb0203682e41  corporate/3.0/x86_64/apache2-manual-2.0.48-6.19.C30mdk.x86_64.rpm
 ac6f64c5aabbf463be38023dfb2e30e0  corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.19.C30mdk.x86_64.rpm
 2e66000edd688d563645ecf526724899  corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.19.C30mdk.x86_64.rpm
 d82ba16ad19ebfbb412f033537fe7dfb  corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.19.C30mdk.x86_64.rpm
 e83174382435df2220f7563545543342  corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.x86_64.rpm
 af5d024a4cff0c216d0c02dcbe08ab83  corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.19.C30mdk.x86_64.rpm
 b6a74826d456381f9c3807d7cdaef8ff  corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.19.C30mdk.x86_64.rpm
 3e0c99c91a186db1650ab277fb266ddf  corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.x86_64.rpm
 5bcf1224653b851df20d07d6fbb248b6  corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.19.C30mdk.x86_64.rpm
 c07af351ea84b7d8a0b0de879c9aad2e  corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.19.C30mdk.x86_64.rpm
 fa40774c92468aa0080979674ff473c5  corporate/3.0/x86_64/apache2-modules-2.0.48-6.19.C30mdk.x86_64.rpm
 a387e498b01b876ee31066aa3a73970a  corporate/3.0/x86_64/apache2-source-2.0.48-6.19.C30mdk.x86_64.rpm
 659d44dc9615de5b556d35425d628bf7  corporate/3.0/x86_64/lib64apr0-2.0.48-6.19.C30mdk.x86_64.rpm 
 30da5c4069b7b8ea5b3bb13734ca0058  corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 93eef0301be074129e8c8f67381c09ad  mnf/2.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm
 0dd927e4efb8dc43f2168227d22c1407  mnf/2.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm
 366c8a236e33babca8447b3c3f926c83  mnf/2.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm
 73490cae06d07885512ff28fb24c1d6c  mnf/2.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm
 8bf01fed207bf8ae9c265be3d3f0e0f5  mnf/2.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm
 b06f622b9c96bfa10cdc4d2067e5826f  mnf/2.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm
 c5600da4764bcb84733c16034871ced1  mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm
 cccdb0578c7443e46154a8f64b78a86b  mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm
 67fb4bcf03bef82c78fb42ec3de85b55  mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm
 20cb9f0132cd5181f6cff7699373d488  mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm
 1f0f71765b82dd9086c99a2ec98ce458  mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm
 26d8d7db3f8a8ed9dd22add69cc908cd  mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm
 538e1d3b6eab0b6770de516d9c6e59e4  mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm
 82674d6c664adb4e9a8539703ee113d7  mnf/2.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm
 d1dc24f4698a7cef16c292ba19302ca1  mnf/2.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm
 b83a8c4eda842c3e358d16d22febbe80  mnf/2.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm 
 5ff603859246c39086f9b6ad300f97c6  mnf/2.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJOCuNmqjQ0CJFipgRAt+pAKDO9fruRTCR1580NTYdYmnky057aACdFVGo
NmJlapeQ2vPQcDIjsktx95s=
=5zLR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ