[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1P291t-0005l2-75@titan.mandriva.com>
Date: Sat, 02 Oct 2010 22:50:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:192 ] apr-util
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:192
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apr-util
Date : October 2, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A denial of service attack against apr_brigade_split_line() was
discovered in apr-util (CVE-2010-1623).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
http://svn.apache.org/viewvc?view=revision&revision=1003494
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
0f0a7a89ae55aadde220ec2addb62ecb 2008.0/i586/apr-util-dbd-mysql-1.2.10-1.2mdv2008.0.i586.rpm
95338fe510f971933c3c8073727ce618 2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.2mdv2008.0.i586.rpm
3b116b31712e8cb25843e5a5fe82bcfc 2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.2mdv2008.0.i586.rpm
37703fb6b512baf59b795530a34e2db0 2008.0/i586/libapr-util1-1.2.10-1.2mdv2008.0.i586.rpm
0c6d489de4654e52abcac77bf2525497 2008.0/i586/libapr-util-devel-1.2.10-1.2mdv2008.0.i586.rpm
31f565a4c7e40d22de0d19f6fe27947f 2008.0/SRPMS/apr-util-1.2.10-1.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
14b4f0ee8d6aa175fa9e31ea2e636644 2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.2mdv2008.0.x86_64.rpm
340d47ec560aa3c3c46c26ce4ccf7b80 2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.2mdv2008.0.x86_64.rpm
e5cb7c43589ac3e3cef57c32ed4b48f0 2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.2mdv2008.0.x86_64.rpm
c049cdabacbbafb05fd775f8c8a4c4f0 2008.0/x86_64/lib64apr-util1-1.2.10-1.2mdv2008.0.x86_64.rpm
fca193ff0018c87be501b7f1cc17f4a0 2008.0/x86_64/lib64apr-util-devel-1.2.10-1.2mdv2008.0.x86_64.rpm
31f565a4c7e40d22de0d19f6fe27947f 2008.0/SRPMS/apr-util-1.2.10-1.2mdv2008.0.src.rpm
Mandriva Linux 2009.0:
0f656cdddd156450885327bc1ebe8a3d 2009.0/i586/apr-util-dbd-freetds-1.3.4-2.4mdv2009.0.i586.rpm
0b27531d8603ef0046d1ecbd52bd066b 2009.0/i586/apr-util-dbd-ldap-1.3.4-2.4mdv2009.0.i586.rpm
b953deb329e282e9581e7e313c07ed76 2009.0/i586/apr-util-dbd-mysql-1.3.4-2.4mdv2009.0.i586.rpm
447213e5c8f79056ea4feb876100dd8a 2009.0/i586/apr-util-dbd-odbc-1.3.4-2.4mdv2009.0.i586.rpm
859195910511e75007717a8215a2867d 2009.0/i586/apr-util-dbd-pgsql-1.3.4-2.4mdv2009.0.i586.rpm
a30f411ba441c03f211897409056cfec 2009.0/i586/apr-util-dbd-sqlite3-1.3.4-2.4mdv2009.0.i586.rpm
bc7042e923c2417424916b4af22cc011 2009.0/i586/libapr-util1-1.3.4-2.4mdv2009.0.i586.rpm
cce9d4fa39e9ea354e40dbbab9bf8556 2009.0/i586/libapr-util-devel-1.3.4-2.4mdv2009.0.i586.rpm
3aff05faba17156c0c2891c840994afb 2009.0/SRPMS/apr-util-1.3.4-2.4mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
b5584a5d68829432416dd72637614313 2009.0/x86_64/apr-util-dbd-freetds-1.3.4-2.4mdv2009.0.x86_64.rpm
7512a01982585a0c13a1900d0fb5cfd0 2009.0/x86_64/apr-util-dbd-ldap-1.3.4-2.4mdv2009.0.x86_64.rpm
ce1b43cee0adea7473e35dd7bb7a8a80 2009.0/x86_64/apr-util-dbd-mysql-1.3.4-2.4mdv2009.0.x86_64.rpm
c669db3ca0188ff08e6d960d7caecfa6 2009.0/x86_64/apr-util-dbd-odbc-1.3.4-2.4mdv2009.0.x86_64.rpm
2dbd14c6c46263100ceb452fff4a4703 2009.0/x86_64/apr-util-dbd-pgsql-1.3.4-2.4mdv2009.0.x86_64.rpm
2b054ec7c879389f507f99d41a1fa55b 2009.0/x86_64/apr-util-dbd-sqlite3-1.3.4-2.4mdv2009.0.x86_64.rpm
2824b2b491da4991aecef5fd9b7fa68e 2009.0/x86_64/lib64apr-util1-1.3.4-2.4mdv2009.0.x86_64.rpm
776f7bd8add07ed6c441a4c79c693bcf 2009.0/x86_64/lib64apr-util-devel-1.3.4-2.4mdv2009.0.x86_64.rpm
3aff05faba17156c0c2891c840994afb 2009.0/SRPMS/apr-util-1.3.4-2.4mdv2009.0.src.rpm
Mandriva Linux 2009.1:
001d390f4321be10b4939425b44dec6c 2009.1/i586/apr-util-dbd-freetds-1.3.4-9.3mdv2009.1.i586.rpm
6e0a9f8d9ce14618ab4f50100af1facf 2009.1/i586/apr-util-dbd-ldap-1.3.4-9.3mdv2009.1.i586.rpm
9360685a7758c51c691b800ec3426a40 2009.1/i586/apr-util-dbd-mysql-1.3.4-9.3mdv2009.1.i586.rpm
c81ae900616ce0d7c94f455347e7d6c4 2009.1/i586/apr-util-dbd-odbc-1.3.4-9.3mdv2009.1.i586.rpm
e891e8f91ce6b5a97b75747978051f65 2009.1/i586/apr-util-dbd-pgsql-1.3.4-9.3mdv2009.1.i586.rpm
743e80845e68b75df6c73f1fe6c9894f 2009.1/i586/apr-util-dbd-sqlite3-1.3.4-9.3mdv2009.1.i586.rpm
fce72f37686e7a70cb98d76f471fd2cd 2009.1/i586/libapr-util1-1.3.4-9.3mdv2009.1.i586.rpm
4a610df132d46c8599bab182dd61665c 2009.1/i586/libapr-util-devel-1.3.4-9.3mdv2009.1.i586.rpm
5d4de61925e94c72108f3c26fdd36bd3 2009.1/SRPMS/apr-util-1.3.4-9.3mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
119da8132add44a7541ad668b28ce4d8 2009.1/x86_64/apr-util-dbd-freetds-1.3.4-9.3mdv2009.1.x86_64.rpm
422cb11ac2c100b11dd2897668816567 2009.1/x86_64/apr-util-dbd-ldap-1.3.4-9.3mdv2009.1.x86_64.rpm
ec451e6c20a3a3c0f3c7e9f5e9aa502e 2009.1/x86_64/apr-util-dbd-mysql-1.3.4-9.3mdv2009.1.x86_64.rpm
fc72b14950c52fd5a7056995d259bfc2 2009.1/x86_64/apr-util-dbd-odbc-1.3.4-9.3mdv2009.1.x86_64.rpm
278986ccd687de4b2c08337364dd497d 2009.1/x86_64/apr-util-dbd-pgsql-1.3.4-9.3mdv2009.1.x86_64.rpm
b57deb5f7f6e4610241e065e17b06c1d 2009.1/x86_64/apr-util-dbd-sqlite3-1.3.4-9.3mdv2009.1.x86_64.rpm
b714a6dcb61dd9dc89042c198f34af21 2009.1/x86_64/lib64apr-util1-1.3.4-9.3mdv2009.1.x86_64.rpm
01b9bf2eeb3a78ce738ac791a3089f03 2009.1/x86_64/lib64apr-util-devel-1.3.4-9.3mdv2009.1.x86_64.rpm
5d4de61925e94c72108f3c26fdd36bd3 2009.1/SRPMS/apr-util-1.3.4-9.3mdv2009.1.src.rpm
Mandriva Linux 2010.0:
7104f899bcc0d33436a8c916d469950f 2010.0/i586/apr-util-dbd-freetds-1.3.9-1.1mdv2010.0.i586.rpm
cbfba9e9fe72e3534b8a80d3609ddc4c 2010.0/i586/apr-util-dbd-ldap-1.3.9-1.1mdv2010.0.i586.rpm
eefc82df01c75c8dd213a565dc1ca07e 2010.0/i586/apr-util-dbd-mysql-1.3.9-1.1mdv2010.0.i586.rpm
7683f369d6978a0655cec399218fac7c 2010.0/i586/apr-util-dbd-odbc-1.3.9-1.1mdv2010.0.i586.rpm
35c21ae63429aae906c61b1075cb87b5 2010.0/i586/apr-util-dbd-pgsql-1.3.9-1.1mdv2010.0.i586.rpm
124086ec608347efd1a3d21fcb05a2a9 2010.0/i586/apr-util-dbd-sqlite3-1.3.9-1.1mdv2010.0.i586.rpm
2ed8516ac72d308629bc66614a067640 2010.0/i586/apr-util-dbm-db-1.3.9-1.1mdv2010.0.i586.rpm
ce89f9af479706258a09ca920570a23b 2010.0/i586/libapr-util1-1.3.9-1.1mdv2010.0.i586.rpm
6ce488984efbeffa3ee59d13b8a163ee 2010.0/i586/libapr-util-devel-1.3.9-1.1mdv2010.0.i586.rpm
4d89f78015a68e376ffb468d9a1e5a3b 2010.0/SRPMS/apr-util-1.3.9-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
6ef2f004c07e8c85750eaba0249c17dc 2010.0/x86_64/apr-util-dbd-freetds-1.3.9-1.1mdv2010.0.x86_64.rpm
78efec7bd1638218c39fb77f6461699c 2010.0/x86_64/apr-util-dbd-ldap-1.3.9-1.1mdv2010.0.x86_64.rpm
4a9af9f05c7ae8fdcc33e2a234132386 2010.0/x86_64/apr-util-dbd-mysql-1.3.9-1.1mdv2010.0.x86_64.rpm
5000249ae003a1c960c82ee956708525 2010.0/x86_64/apr-util-dbd-odbc-1.3.9-1.1mdv2010.0.x86_64.rpm
a94630ddf4a6ddac834a10fb2adcf7f4 2010.0/x86_64/apr-util-dbd-pgsql-1.3.9-1.1mdv2010.0.x86_64.rpm
9beb8d95b2255c339f04e1375274d671 2010.0/x86_64/apr-util-dbd-sqlite3-1.3.9-1.1mdv2010.0.x86_64.rpm
921a170766b859c3e03f571c716fb8d8 2010.0/x86_64/apr-util-dbm-db-1.3.9-1.1mdv2010.0.x86_64.rpm
8431b937315bcb9ae31186c304fc7728 2010.0/x86_64/lib64apr-util1-1.3.9-1.1mdv2010.0.x86_64.rpm
68766b794688d7778689559bbf561440 2010.0/x86_64/lib64apr-util-devel-1.3.9-1.1mdv2010.0.x86_64.rpm
4d89f78015a68e376ffb468d9a1e5a3b 2010.0/SRPMS/apr-util-1.3.9-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
c1f6da21eceff9f12ce9e5fdbc139e2c 2010.1/i586/apr-util-dbd-freetds-1.3.9-3.1mdv2010.1.i586.rpm
02448a005cab83d33dc1caa5acb09354 2010.1/i586/apr-util-dbd-ldap-1.3.9-3.1mdv2010.1.i586.rpm
ac43c4ba22c1bb989b8472099acc72bc 2010.1/i586/apr-util-dbd-mysql-1.3.9-3.1mdv2010.1.i586.rpm
43357c5c03ba2087262f89c18345c0ce 2010.1/i586/apr-util-dbd-odbc-1.3.9-3.1mdv2010.1.i586.rpm
e9446e8917d7534c5b9e8940244ea67a 2010.1/i586/apr-util-dbd-pgsql-1.3.9-3.1mdv2010.1.i586.rpm
e4b9edb06489f316c72932d3a995a4bb 2010.1/i586/apr-util-dbd-sqlite3-1.3.9-3.1mdv2010.1.i586.rpm
1a55fe7dc1a04f59af8ea2e71faa97de 2010.1/i586/apr-util-dbm-db-1.3.9-3.1mdv2010.1.i586.rpm
eba84956ada0732d44d90d77a611bfc4 2010.1/i586/libapr-util1-1.3.9-3.1mdv2010.1.i586.rpm
3b00ce82ba97bf93b705e60a9d4357cf 2010.1/i586/libapr-util-devel-1.3.9-3.1mdv2010.1.i586.rpm
dd5ef7f688dead375e68317c0fed321e 2010.1/SRPMS/apr-util-1.3.9-3.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
04b62364aa944ce3e0a7c1b538ef1946 2010.1/x86_64/apr-util-dbd-freetds-1.3.9-3.1mdv2010.1.x86_64.rpm
a8ae3d5f09428067ca0e10bb24e7c20b 2010.1/x86_64/apr-util-dbd-ldap-1.3.9-3.1mdv2010.1.x86_64.rpm
b16193bf6bdc2a4de1c09b09c4fc22e4 2010.1/x86_64/apr-util-dbd-mysql-1.3.9-3.1mdv2010.1.x86_64.rpm
6762861af1375dfea380a617cc87442d 2010.1/x86_64/apr-util-dbd-odbc-1.3.9-3.1mdv2010.1.x86_64.rpm
b39be4553beb8d25cb2d08483c2dcabe 2010.1/x86_64/apr-util-dbd-pgsql-1.3.9-3.1mdv2010.1.x86_64.rpm
f91c0e9e31da23c9aa178dd2fcddebb9 2010.1/x86_64/apr-util-dbd-sqlite3-1.3.9-3.1mdv2010.1.x86_64.rpm
caab16e8c0b8b90cfd78fb0ac14d0e97 2010.1/x86_64/apr-util-dbm-db-1.3.9-3.1mdv2010.1.x86_64.rpm
455cacb44b17d813b7c9f7cb1d161b65 2010.1/x86_64/lib64apr-util1-1.3.9-3.1mdv2010.1.x86_64.rpm
172c3e83a4bad8b5819d46cb90076fea 2010.1/x86_64/lib64apr-util-devel-1.3.9-3.1mdv2010.1.x86_64.rpm
dd5ef7f688dead375e68317c0fed321e 2010.1/SRPMS/apr-util-1.3.9-3.1mdv2010.1.src.rpm
Corporate 4.0:
37c7afc1d2b2d7d5dd2a946982ef738a corporate/4.0/i586/apr-util-dbd-mysql-1.2.7-6.3.20060mlcs4.i586.rpm
b3d072af8d55034a4438fcf39758045a corporate/4.0/i586/apr-util-dbd-pgsql-1.2.7-6.3.20060mlcs4.i586.rpm
acded08fd4d734ec0af5553356509dbb corporate/4.0/i586/apr-util-dbd-sqlite3-1.2.7-6.3.20060mlcs4.i586.rpm
36f03264536ce6751ded2c5c57b9844b corporate/4.0/i586/libapr-util1-1.2.7-6.3.20060mlcs4.i586.rpm
ea63f8860d6dcfb945a6dfb7165d44f6 corporate/4.0/i586/libapr-util1-devel-1.2.7-6.3.20060mlcs4.i586.rpm
d92771b20285bc9a35950bdef2b72b2a corporate/4.0/SRPMS/apr-util-1.2.7-6.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
76bf5cc4c9b7faeb65bb556e0cc59fc2 corporate/4.0/x86_64/apr-util-dbd-mysql-1.2.7-6.3.20060mlcs4.x86_64.rpm
f271acf4919d8bd17955edf6a8e9aeaa corporate/4.0/x86_64/apr-util-dbd-pgsql-1.2.7-6.3.20060mlcs4.x86_64.rpm
e7292a6383fc575c8233ee39fbfa043f corporate/4.0/x86_64/apr-util-dbd-sqlite3-1.2.7-6.3.20060mlcs4.x86_64.rpm
df2bb4a6432f2c12507569696a71104d corporate/4.0/x86_64/lib64apr-util1-1.2.7-6.3.20060mlcs4.x86_64.rpm
205e677a87b282e8a85ef3116ebce4ed corporate/4.0/x86_64/lib64apr-util1-devel-1.2.7-6.3.20060mlcs4.x86_64.rpm
d92771b20285bc9a35950bdef2b72b2a corporate/4.0/SRPMS/apr-util-1.2.7-6.3.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
99959b762a9e8c29e7a7a8041aaa73e6 mes5/i586/apr-util-dbd-freetds-1.3.4-2.4mdvmes5.1.i586.rpm
5e2d4d7cce62ba53d020389423f1b2af mes5/i586/apr-util-dbd-ldap-1.3.4-2.4mdvmes5.1.i586.rpm
0415313632f4df4518b024703f1b3915 mes5/i586/apr-util-dbd-mysql-1.3.4-2.4mdvmes5.1.i586.rpm
64f80ec4486143424fd313c06a4c9d48 mes5/i586/apr-util-dbd-odbc-1.3.4-2.4mdvmes5.1.i586.rpm
a87a16a3d1879576b30fa32bc3a87b3a mes5/i586/apr-util-dbd-pgsql-1.3.4-2.4mdvmes5.1.i586.rpm
e0c797c2d43cea44b10e42def4ab2257 mes5/i586/apr-util-dbd-sqlite3-1.3.4-2.4mdvmes5.1.i586.rpm
abad5a5f2f5a82616a189cbdb01d27dc mes5/i586/libapr-util1-1.3.4-2.4mdvmes5.1.i586.rpm
13b3f835de86c79c07275eccdcd8f19e mes5/i586/libapr-util-devel-1.3.4-2.4mdvmes5.1.i586.rpm
a7b8f4cbbbce29d309628ba9b43ba647 mes5/SRPMS/apr-util-1.3.4-2.4mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
20c75ba7bf7f2886ad994e94c1e1a688 mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.4mdvmes5.1.x86_64.rpm
e41e3b30ce6dee38ab658dff6a785fa6 mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.4mdvmes5.1.x86_64.rpm
0e8608ef763527c8bc1242bbcc061da8 mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.4mdvmes5.1.x86_64.rpm
31a7b8fe04018448a0bb40641d7b1da8 mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.4mdvmes5.1.x86_64.rpm
e8379a5953bee84c8a4ccf5e56eeb3a5 mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.4mdvmes5.1.x86_64.rpm
3996de5f56896841e445a6cc56d3ab61 mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.4mdvmes5.1.x86_64.rpm
6399751a3c9ab86ccd1c60043ced4de2 mes5/x86_64/lib64apr-util1-1.3.4-2.4mdvmes5.1.x86_64.rpm
91e6585e482c43542c4fb08512f171b6 mes5/x86_64/lib64apr-util-devel-1.3.4-2.4mdvmes5.1.x86_64.rpm
a7b8f4cbbbce29d309628ba9b43ba647 mes5/SRPMS/apr-util-1.3.4-2.4mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMp2gfmqjQ0CJFipgRAt4MAKDyY5474rouxr68uwdAJFM5ccGCWQCgluf4
+3Ue46VyQAyCWIdyaxpp9no=
=hI/k
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists