lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1P291t-0005l2-75@titan.mandriva.com>
Date: Sat, 02 Oct 2010 22:50:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:192 ] apr-util

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:192
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apr-util
 Date    : October 2, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A denial of service attack against apr_brigade_split_line() was
 discovered in apr-util (CVE-2010-1623).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
 http://svn.apache.org/viewvc?view=revision&revision=1003494
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 0f0a7a89ae55aadde220ec2addb62ecb  2008.0/i586/apr-util-dbd-mysql-1.2.10-1.2mdv2008.0.i586.rpm
 95338fe510f971933c3c8073727ce618  2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.2mdv2008.0.i586.rpm
 3b116b31712e8cb25843e5a5fe82bcfc  2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.2mdv2008.0.i586.rpm
 37703fb6b512baf59b795530a34e2db0  2008.0/i586/libapr-util1-1.2.10-1.2mdv2008.0.i586.rpm
 0c6d489de4654e52abcac77bf2525497  2008.0/i586/libapr-util-devel-1.2.10-1.2mdv2008.0.i586.rpm 
 31f565a4c7e40d22de0d19f6fe27947f  2008.0/SRPMS/apr-util-1.2.10-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 14b4f0ee8d6aa175fa9e31ea2e636644  2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.2mdv2008.0.x86_64.rpm
 340d47ec560aa3c3c46c26ce4ccf7b80  2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.2mdv2008.0.x86_64.rpm
 e5cb7c43589ac3e3cef57c32ed4b48f0  2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.2mdv2008.0.x86_64.rpm
 c049cdabacbbafb05fd775f8c8a4c4f0  2008.0/x86_64/lib64apr-util1-1.2.10-1.2mdv2008.0.x86_64.rpm
 fca193ff0018c87be501b7f1cc17f4a0  2008.0/x86_64/lib64apr-util-devel-1.2.10-1.2mdv2008.0.x86_64.rpm 
 31f565a4c7e40d22de0d19f6fe27947f  2008.0/SRPMS/apr-util-1.2.10-1.2mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 0f656cdddd156450885327bc1ebe8a3d  2009.0/i586/apr-util-dbd-freetds-1.3.4-2.4mdv2009.0.i586.rpm
 0b27531d8603ef0046d1ecbd52bd066b  2009.0/i586/apr-util-dbd-ldap-1.3.4-2.4mdv2009.0.i586.rpm
 b953deb329e282e9581e7e313c07ed76  2009.0/i586/apr-util-dbd-mysql-1.3.4-2.4mdv2009.0.i586.rpm
 447213e5c8f79056ea4feb876100dd8a  2009.0/i586/apr-util-dbd-odbc-1.3.4-2.4mdv2009.0.i586.rpm
 859195910511e75007717a8215a2867d  2009.0/i586/apr-util-dbd-pgsql-1.3.4-2.4mdv2009.0.i586.rpm
 a30f411ba441c03f211897409056cfec  2009.0/i586/apr-util-dbd-sqlite3-1.3.4-2.4mdv2009.0.i586.rpm
 bc7042e923c2417424916b4af22cc011  2009.0/i586/libapr-util1-1.3.4-2.4mdv2009.0.i586.rpm
 cce9d4fa39e9ea354e40dbbab9bf8556  2009.0/i586/libapr-util-devel-1.3.4-2.4mdv2009.0.i586.rpm 
 3aff05faba17156c0c2891c840994afb  2009.0/SRPMS/apr-util-1.3.4-2.4mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 b5584a5d68829432416dd72637614313  2009.0/x86_64/apr-util-dbd-freetds-1.3.4-2.4mdv2009.0.x86_64.rpm
 7512a01982585a0c13a1900d0fb5cfd0  2009.0/x86_64/apr-util-dbd-ldap-1.3.4-2.4mdv2009.0.x86_64.rpm
 ce1b43cee0adea7473e35dd7bb7a8a80  2009.0/x86_64/apr-util-dbd-mysql-1.3.4-2.4mdv2009.0.x86_64.rpm
 c669db3ca0188ff08e6d960d7caecfa6  2009.0/x86_64/apr-util-dbd-odbc-1.3.4-2.4mdv2009.0.x86_64.rpm
 2dbd14c6c46263100ceb452fff4a4703  2009.0/x86_64/apr-util-dbd-pgsql-1.3.4-2.4mdv2009.0.x86_64.rpm
 2b054ec7c879389f507f99d41a1fa55b  2009.0/x86_64/apr-util-dbd-sqlite3-1.3.4-2.4mdv2009.0.x86_64.rpm
 2824b2b491da4991aecef5fd9b7fa68e  2009.0/x86_64/lib64apr-util1-1.3.4-2.4mdv2009.0.x86_64.rpm
 776f7bd8add07ed6c441a4c79c693bcf  2009.0/x86_64/lib64apr-util-devel-1.3.4-2.4mdv2009.0.x86_64.rpm 
 3aff05faba17156c0c2891c840994afb  2009.0/SRPMS/apr-util-1.3.4-2.4mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 001d390f4321be10b4939425b44dec6c  2009.1/i586/apr-util-dbd-freetds-1.3.4-9.3mdv2009.1.i586.rpm
 6e0a9f8d9ce14618ab4f50100af1facf  2009.1/i586/apr-util-dbd-ldap-1.3.4-9.3mdv2009.1.i586.rpm
 9360685a7758c51c691b800ec3426a40  2009.1/i586/apr-util-dbd-mysql-1.3.4-9.3mdv2009.1.i586.rpm
 c81ae900616ce0d7c94f455347e7d6c4  2009.1/i586/apr-util-dbd-odbc-1.3.4-9.3mdv2009.1.i586.rpm
 e891e8f91ce6b5a97b75747978051f65  2009.1/i586/apr-util-dbd-pgsql-1.3.4-9.3mdv2009.1.i586.rpm
 743e80845e68b75df6c73f1fe6c9894f  2009.1/i586/apr-util-dbd-sqlite3-1.3.4-9.3mdv2009.1.i586.rpm
 fce72f37686e7a70cb98d76f471fd2cd  2009.1/i586/libapr-util1-1.3.4-9.3mdv2009.1.i586.rpm
 4a610df132d46c8599bab182dd61665c  2009.1/i586/libapr-util-devel-1.3.4-9.3mdv2009.1.i586.rpm 
 5d4de61925e94c72108f3c26fdd36bd3  2009.1/SRPMS/apr-util-1.3.4-9.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 119da8132add44a7541ad668b28ce4d8  2009.1/x86_64/apr-util-dbd-freetds-1.3.4-9.3mdv2009.1.x86_64.rpm
 422cb11ac2c100b11dd2897668816567  2009.1/x86_64/apr-util-dbd-ldap-1.3.4-9.3mdv2009.1.x86_64.rpm
 ec451e6c20a3a3c0f3c7e9f5e9aa502e  2009.1/x86_64/apr-util-dbd-mysql-1.3.4-9.3mdv2009.1.x86_64.rpm
 fc72b14950c52fd5a7056995d259bfc2  2009.1/x86_64/apr-util-dbd-odbc-1.3.4-9.3mdv2009.1.x86_64.rpm
 278986ccd687de4b2c08337364dd497d  2009.1/x86_64/apr-util-dbd-pgsql-1.3.4-9.3mdv2009.1.x86_64.rpm
 b57deb5f7f6e4610241e065e17b06c1d  2009.1/x86_64/apr-util-dbd-sqlite3-1.3.4-9.3mdv2009.1.x86_64.rpm
 b714a6dcb61dd9dc89042c198f34af21  2009.1/x86_64/lib64apr-util1-1.3.4-9.3mdv2009.1.x86_64.rpm
 01b9bf2eeb3a78ce738ac791a3089f03  2009.1/x86_64/lib64apr-util-devel-1.3.4-9.3mdv2009.1.x86_64.rpm 
 5d4de61925e94c72108f3c26fdd36bd3  2009.1/SRPMS/apr-util-1.3.4-9.3mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 7104f899bcc0d33436a8c916d469950f  2010.0/i586/apr-util-dbd-freetds-1.3.9-1.1mdv2010.0.i586.rpm
 cbfba9e9fe72e3534b8a80d3609ddc4c  2010.0/i586/apr-util-dbd-ldap-1.3.9-1.1mdv2010.0.i586.rpm
 eefc82df01c75c8dd213a565dc1ca07e  2010.0/i586/apr-util-dbd-mysql-1.3.9-1.1mdv2010.0.i586.rpm
 7683f369d6978a0655cec399218fac7c  2010.0/i586/apr-util-dbd-odbc-1.3.9-1.1mdv2010.0.i586.rpm
 35c21ae63429aae906c61b1075cb87b5  2010.0/i586/apr-util-dbd-pgsql-1.3.9-1.1mdv2010.0.i586.rpm
 124086ec608347efd1a3d21fcb05a2a9  2010.0/i586/apr-util-dbd-sqlite3-1.3.9-1.1mdv2010.0.i586.rpm
 2ed8516ac72d308629bc66614a067640  2010.0/i586/apr-util-dbm-db-1.3.9-1.1mdv2010.0.i586.rpm
 ce89f9af479706258a09ca920570a23b  2010.0/i586/libapr-util1-1.3.9-1.1mdv2010.0.i586.rpm
 6ce488984efbeffa3ee59d13b8a163ee  2010.0/i586/libapr-util-devel-1.3.9-1.1mdv2010.0.i586.rpm 
 4d89f78015a68e376ffb468d9a1e5a3b  2010.0/SRPMS/apr-util-1.3.9-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 6ef2f004c07e8c85750eaba0249c17dc  2010.0/x86_64/apr-util-dbd-freetds-1.3.9-1.1mdv2010.0.x86_64.rpm
 78efec7bd1638218c39fb77f6461699c  2010.0/x86_64/apr-util-dbd-ldap-1.3.9-1.1mdv2010.0.x86_64.rpm
 4a9af9f05c7ae8fdcc33e2a234132386  2010.0/x86_64/apr-util-dbd-mysql-1.3.9-1.1mdv2010.0.x86_64.rpm
 5000249ae003a1c960c82ee956708525  2010.0/x86_64/apr-util-dbd-odbc-1.3.9-1.1mdv2010.0.x86_64.rpm
 a94630ddf4a6ddac834a10fb2adcf7f4  2010.0/x86_64/apr-util-dbd-pgsql-1.3.9-1.1mdv2010.0.x86_64.rpm
 9beb8d95b2255c339f04e1375274d671  2010.0/x86_64/apr-util-dbd-sqlite3-1.3.9-1.1mdv2010.0.x86_64.rpm
 921a170766b859c3e03f571c716fb8d8  2010.0/x86_64/apr-util-dbm-db-1.3.9-1.1mdv2010.0.x86_64.rpm
 8431b937315bcb9ae31186c304fc7728  2010.0/x86_64/lib64apr-util1-1.3.9-1.1mdv2010.0.x86_64.rpm
 68766b794688d7778689559bbf561440  2010.0/x86_64/lib64apr-util-devel-1.3.9-1.1mdv2010.0.x86_64.rpm 
 4d89f78015a68e376ffb468d9a1e5a3b  2010.0/SRPMS/apr-util-1.3.9-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 c1f6da21eceff9f12ce9e5fdbc139e2c  2010.1/i586/apr-util-dbd-freetds-1.3.9-3.1mdv2010.1.i586.rpm
 02448a005cab83d33dc1caa5acb09354  2010.1/i586/apr-util-dbd-ldap-1.3.9-3.1mdv2010.1.i586.rpm
 ac43c4ba22c1bb989b8472099acc72bc  2010.1/i586/apr-util-dbd-mysql-1.3.9-3.1mdv2010.1.i586.rpm
 43357c5c03ba2087262f89c18345c0ce  2010.1/i586/apr-util-dbd-odbc-1.3.9-3.1mdv2010.1.i586.rpm
 e9446e8917d7534c5b9e8940244ea67a  2010.1/i586/apr-util-dbd-pgsql-1.3.9-3.1mdv2010.1.i586.rpm
 e4b9edb06489f316c72932d3a995a4bb  2010.1/i586/apr-util-dbd-sqlite3-1.3.9-3.1mdv2010.1.i586.rpm
 1a55fe7dc1a04f59af8ea2e71faa97de  2010.1/i586/apr-util-dbm-db-1.3.9-3.1mdv2010.1.i586.rpm
 eba84956ada0732d44d90d77a611bfc4  2010.1/i586/libapr-util1-1.3.9-3.1mdv2010.1.i586.rpm
 3b00ce82ba97bf93b705e60a9d4357cf  2010.1/i586/libapr-util-devel-1.3.9-3.1mdv2010.1.i586.rpm 
 dd5ef7f688dead375e68317c0fed321e  2010.1/SRPMS/apr-util-1.3.9-3.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 04b62364aa944ce3e0a7c1b538ef1946  2010.1/x86_64/apr-util-dbd-freetds-1.3.9-3.1mdv2010.1.x86_64.rpm
 a8ae3d5f09428067ca0e10bb24e7c20b  2010.1/x86_64/apr-util-dbd-ldap-1.3.9-3.1mdv2010.1.x86_64.rpm
 b16193bf6bdc2a4de1c09b09c4fc22e4  2010.1/x86_64/apr-util-dbd-mysql-1.3.9-3.1mdv2010.1.x86_64.rpm
 6762861af1375dfea380a617cc87442d  2010.1/x86_64/apr-util-dbd-odbc-1.3.9-3.1mdv2010.1.x86_64.rpm
 b39be4553beb8d25cb2d08483c2dcabe  2010.1/x86_64/apr-util-dbd-pgsql-1.3.9-3.1mdv2010.1.x86_64.rpm
 f91c0e9e31da23c9aa178dd2fcddebb9  2010.1/x86_64/apr-util-dbd-sqlite3-1.3.9-3.1mdv2010.1.x86_64.rpm
 caab16e8c0b8b90cfd78fb0ac14d0e97  2010.1/x86_64/apr-util-dbm-db-1.3.9-3.1mdv2010.1.x86_64.rpm
 455cacb44b17d813b7c9f7cb1d161b65  2010.1/x86_64/lib64apr-util1-1.3.9-3.1mdv2010.1.x86_64.rpm
 172c3e83a4bad8b5819d46cb90076fea  2010.1/x86_64/lib64apr-util-devel-1.3.9-3.1mdv2010.1.x86_64.rpm 
 dd5ef7f688dead375e68317c0fed321e  2010.1/SRPMS/apr-util-1.3.9-3.1mdv2010.1.src.rpm

 Corporate 4.0:
 37c7afc1d2b2d7d5dd2a946982ef738a  corporate/4.0/i586/apr-util-dbd-mysql-1.2.7-6.3.20060mlcs4.i586.rpm
 b3d072af8d55034a4438fcf39758045a  corporate/4.0/i586/apr-util-dbd-pgsql-1.2.7-6.3.20060mlcs4.i586.rpm
 acded08fd4d734ec0af5553356509dbb  corporate/4.0/i586/apr-util-dbd-sqlite3-1.2.7-6.3.20060mlcs4.i586.rpm
 36f03264536ce6751ded2c5c57b9844b  corporate/4.0/i586/libapr-util1-1.2.7-6.3.20060mlcs4.i586.rpm
 ea63f8860d6dcfb945a6dfb7165d44f6  corporate/4.0/i586/libapr-util1-devel-1.2.7-6.3.20060mlcs4.i586.rpm 
 d92771b20285bc9a35950bdef2b72b2a  corporate/4.0/SRPMS/apr-util-1.2.7-6.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 76bf5cc4c9b7faeb65bb556e0cc59fc2  corporate/4.0/x86_64/apr-util-dbd-mysql-1.2.7-6.3.20060mlcs4.x86_64.rpm
 f271acf4919d8bd17955edf6a8e9aeaa  corporate/4.0/x86_64/apr-util-dbd-pgsql-1.2.7-6.3.20060mlcs4.x86_64.rpm
 e7292a6383fc575c8233ee39fbfa043f  corporate/4.0/x86_64/apr-util-dbd-sqlite3-1.2.7-6.3.20060mlcs4.x86_64.rpm
 df2bb4a6432f2c12507569696a71104d  corporate/4.0/x86_64/lib64apr-util1-1.2.7-6.3.20060mlcs4.x86_64.rpm
 205e677a87b282e8a85ef3116ebce4ed  corporate/4.0/x86_64/lib64apr-util1-devel-1.2.7-6.3.20060mlcs4.x86_64.rpm 
 d92771b20285bc9a35950bdef2b72b2a  corporate/4.0/SRPMS/apr-util-1.2.7-6.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 99959b762a9e8c29e7a7a8041aaa73e6  mes5/i586/apr-util-dbd-freetds-1.3.4-2.4mdvmes5.1.i586.rpm
 5e2d4d7cce62ba53d020389423f1b2af  mes5/i586/apr-util-dbd-ldap-1.3.4-2.4mdvmes5.1.i586.rpm
 0415313632f4df4518b024703f1b3915  mes5/i586/apr-util-dbd-mysql-1.3.4-2.4mdvmes5.1.i586.rpm
 64f80ec4486143424fd313c06a4c9d48  mes5/i586/apr-util-dbd-odbc-1.3.4-2.4mdvmes5.1.i586.rpm
 a87a16a3d1879576b30fa32bc3a87b3a  mes5/i586/apr-util-dbd-pgsql-1.3.4-2.4mdvmes5.1.i586.rpm
 e0c797c2d43cea44b10e42def4ab2257  mes5/i586/apr-util-dbd-sqlite3-1.3.4-2.4mdvmes5.1.i586.rpm
 abad5a5f2f5a82616a189cbdb01d27dc  mes5/i586/libapr-util1-1.3.4-2.4mdvmes5.1.i586.rpm
 13b3f835de86c79c07275eccdcd8f19e  mes5/i586/libapr-util-devel-1.3.4-2.4mdvmes5.1.i586.rpm 
 a7b8f4cbbbce29d309628ba9b43ba647  mes5/SRPMS/apr-util-1.3.4-2.4mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 20c75ba7bf7f2886ad994e94c1e1a688  mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.4mdvmes5.1.x86_64.rpm
 e41e3b30ce6dee38ab658dff6a785fa6  mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.4mdvmes5.1.x86_64.rpm
 0e8608ef763527c8bc1242bbcc061da8  mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.4mdvmes5.1.x86_64.rpm
 31a7b8fe04018448a0bb40641d7b1da8  mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.4mdvmes5.1.x86_64.rpm
 e8379a5953bee84c8a4ccf5e56eeb3a5  mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.4mdvmes5.1.x86_64.rpm
 3996de5f56896841e445a6cc56d3ab61  mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.4mdvmes5.1.x86_64.rpm
 6399751a3c9ab86ccd1c60043ced4de2  mes5/x86_64/lib64apr-util1-1.3.4-2.4mdvmes5.1.x86_64.rpm
 91e6585e482c43542c4fb08512f171b6  mes5/x86_64/lib64apr-util-devel-1.3.4-2.4mdvmes5.1.x86_64.rpm 
 a7b8f4cbbbce29d309628ba9b43ba647  mes5/SRPMS/apr-util-1.3.4-2.4mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMp2gfmqjQ0CJFipgRAt4MAKDyY5474rouxr68uwdAJFM5ccGCWQCgluf4
+3Ue46VyQAyCWIdyaxpp9no=
=hI/k
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ