Message-Id: <E1Ol2AK-0007sk-Pw@titan.mandriva.com>
Date: Mon, 16 Aug 2010 18:04:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:153 ] apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:153
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache
 Date    : August 16, 2010
 Affected: 2009.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in apache:
 
 The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x
 before 2.2.16 allow remote attackers to cause a denial of service
 (process crash) via a request that lacks a path (CVE-2010-1452).
 
 mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix,
 does not close the backend connection if a timeout occurs when reading
 a response from a persistent connection, which allows remote attackers
 to obtain a potentially sensitive response intended for a different
 client in opportunistic circumstances via a normal HTTP request.
 NOTE: this is the same issue as CVE-2010-2068, but for a different
 OS and set of affected versions (CVE-2010-2791).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791
 http://httpd.apache.org/security/vulnerabilities_22.html
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMaTSHmqjQ0CJFipgRAtoCAJ9BGN6CAncvlMzNDaRADUpkjPp7uACg7Mpx
rElFxWU84znmOrOERj6iHh8=
=oTXe
-----END PGP SIGNATURE-----
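
Added example, not part of the Mandriva advisory: a host check that compares installed apache packages against the fixed releases named in the advisory's package files (2.2.9-12.10mdv2009.0 and 2.2.9-12.10mdvmes5.1). The comparison is a simplified rpmvercmp-style routine written for this example (epochs and "~" are ignored), and the function names and sample query output are constructed.

```python
import re

# Fixed release per distribution tag, taken from the advisory's package names.
FIXED = {"mdv2009.0": "2.2.9-12.10mdv2009.0", "mdvmes5.1": "2.2.9-12.10mdvmes5.1"}

def _segments(s):
    # Runs of digits or letters; separators such as "." and "_" are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp-style compare (an assumption, not rpm's own code)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 10 > 9, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare VERSION-RELEASE strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(rpm_query_output):
    """Map each 'NAME VERSION-RELEASE' line to a patch status."""
    result = {}
    for line in rpm_query_output.strip().splitlines():
        name, evr = line.split()
        fixed = next((f for tag, f in FIXED.items() if evr.endswith(tag)), None)
        if fixed is None:
            result[name] = "unknown-distro"  # advisory does not cover this build
        else:
            result[name] = "patched" if evr_cmp(evr, fixed) >= 0 else "needs-update"
    return result

# Constructed sample, in the shape produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'apache*'
SAMPLE = """\
apache-base 2.2.9-12.10mdv2009.0
apache-mod_proxy 2.2.9-12.9mdv2009.0
apache-mod_cache 2.2.9-12.2mdvmes5.1
apache-mod_dav 2.2.16-1mdv2010.1
"""

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE).items():
        print(f"{pkg:20} {status}")
```

A plain string comparison would rank release 12.9 above 12.10 and report the unpatched mod_proxy package as current, which is why the segments are compared numerically.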
