lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1ROAvW-0005y7-5D@titan.mandriva.com>
Date: Wed, 09 Nov 2011 17:23:02 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:168 ] apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:168
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache
 Date    : November 9, 2011
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in apache:
 
 The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21,
 when used with mod_proxy_balancer in certain configurations, allows
 remote attackers to cause a denial of service (temporary error state
 in the backend server) via a malformed HTTP request (CVE-2011-3348).
 
 The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory
 introduced regressions in the way httpd handled certain Range HTTP
 header values.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
 https://issues.apache.org/bugzilla/show_bug.cgi?id=51878
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 efa3019014628e3c480750c1f2004a7c  2010.1/i586/apache-base-2.2.15-3.5mdv2010.2.i586.rpm
 3087616095041b2a0ec35a4f07b0db39  2010.1/i586/apache-devel-2.2.15-3.5mdv2010.2.i586.rpm
 f64f79810c740c6ea48a62b6efaa2e57  2010.1/i586/apache-htcacheclean-2.2.15-3.5mdv2010.2.i586.rpm
 54193e742de9f3c09033686110dbcf12  2010.1/i586/apache-mod_authn_dbd-2.2.15-3.5mdv2010.2.i586.rpm
 5190c0b547fdabd83f11f2c0b3c4c59c  2010.1/i586/apache-mod_cache-2.2.15-3.5mdv2010.2.i586.rpm
 797c23a6d7bd773b56f12ef80e598bd3  2010.1/i586/apache-mod_dav-2.2.15-3.5mdv2010.2.i586.rpm
 2489ede1721764643b2942292de4e43a  2010.1/i586/apache-mod_dbd-2.2.15-3.5mdv2010.2.i586.rpm
 32132cdd5a453e1d35b34ad86756469b  2010.1/i586/apache-mod_deflate-2.2.15-3.5mdv2010.2.i586.rpm
 bb94bf4569a6979b23bbf29e51172deb  2010.1/i586/apache-mod_disk_cache-2.2.15-3.5mdv2010.2.i586.rpm
 c0465fd2bf450d8229c92ebd7b96e796  2010.1/i586/apache-mod_file_cache-2.2.15-3.5mdv2010.2.i586.rpm
 8fe0536c0567db805b18eee9b6fbae4c  2010.1/i586/apache-mod_ldap-2.2.15-3.5mdv2010.2.i586.rpm
 f9f7679d70d4c06573737e401c9efa56  2010.1/i586/apache-mod_mem_cache-2.2.15-3.5mdv2010.2.i586.rpm
 bb61c23cadc265c1182e4d08beaf6834  2010.1/i586/apache-mod_proxy-2.2.15-3.5mdv2010.2.i586.rpm
 724885ee3820d7b0ae7c20a188fb8c54  2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.5mdv2010.2.i586.rpm
 2582960ff8ed44b516dba77a8ca3f79e  2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.5mdv2010.2.i586.rpm
 54829077b157f55baa47bcb05769c039  2010.1/i586/apache-mod_reqtimeout-2.2.15-3.5mdv2010.2.i586.rpm
 2e977bb1f6a182a2c70912167265ce50  2010.1/i586/apache-mod_ssl-2.2.15-3.5mdv2010.2.i586.rpm
 a5bf2b114ee2d72336adce28811c3037  2010.1/i586/apache-modules-2.2.15-3.5mdv2010.2.i586.rpm
 83b2206a476ef960dd2267e42b2121af  2010.1/i586/apache-mod_userdir-2.2.15-3.5mdv2010.2.i586.rpm
 e5c81b0d5dee76dfe644188c719208fd  2010.1/i586/apache-mpm-event-2.2.15-3.5mdv2010.2.i586.rpm
 1f565927f0329db6a6dcbfc146862d7d  2010.1/i586/apache-mpm-itk-2.2.15-3.5mdv2010.2.i586.rpm
 9fe74c5aa75109bd04e60278d3ce4f27  2010.1/i586/apache-mpm-peruser-2.2.15-3.5mdv2010.2.i586.rpm
 3a253e811772ae2eeed3ed028bb05dec  2010.1/i586/apache-mpm-prefork-2.2.15-3.5mdv2010.2.i586.rpm
 ada4b77b392aa8a5b6c283d1d3394f19  2010.1/i586/apache-mpm-worker-2.2.15-3.5mdv2010.2.i586.rpm
 f777f009148573676e3bda6fa9d3472a  2010.1/i586/apache-source-2.2.15-3.5mdv2010.2.i586.rpm 
 30b49a94b9485639515c5323a58a87b2  2010.1/SRPMS/apache-2.2.15-3.5mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 904ac3e39e1544ac03201c638f272461  2010.1/x86_64/apache-base-2.2.15-3.5mdv2010.2.x86_64.rpm
 48164409c194bc836764f105d332b9b2  2010.1/x86_64/apache-devel-2.2.15-3.5mdv2010.2.x86_64.rpm
 7f9ba9d3b24e352fd9c6dbb770d1c0e2  2010.1/x86_64/apache-htcacheclean-2.2.15-3.5mdv2010.2.x86_64.rpm
 bfc5629f34ceec77cc9f63cbacedec8b  2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.5mdv2010.2.x86_64.rpm
 e4f47be08c6bf1e1e12f8f8263014238  2010.1/x86_64/apache-mod_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
 01f8ba996efc43df6e94cf3ba7b960ee  2010.1/x86_64/apache-mod_dav-2.2.15-3.5mdv2010.2.x86_64.rpm
 07b4081d62a107a075f1b2e13a505496  2010.1/x86_64/apache-mod_dbd-2.2.15-3.5mdv2010.2.x86_64.rpm
 42dc96e272815486f57db1fc5b5006c3  2010.1/x86_64/apache-mod_deflate-2.2.15-3.5mdv2010.2.x86_64.rpm
 5ab4bcddcd345aee9938a53f8c66f652  2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
 8bc139a4c4ce0381292885d35e0dc9a8  2010.1/x86_64/apache-mod_file_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
 d7add6101b8b2393c9e16bbe4570e474  2010.1/x86_64/apache-mod_ldap-2.2.15-3.5mdv2010.2.x86_64.rpm
 4276d115ba3061e90c55b3614fc094e9  2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
 f12d0cfb139cfe7b46b2a6d6d0dbea74  2010.1/x86_64/apache-mod_proxy-2.2.15-3.5mdv2010.2.x86_64.rpm
 527aa8011d33407b6e7419f51b1ba1f4  2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.5mdv2010.2.x86_64.rpm
 4b4fbeb9ae7243582d7a6d0f702c2f22  2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.5mdv2010.2.x86_64.rpm
 fc812b63a2078aa8ee8cd6bbee447589  2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.5mdv2010.2.x86_64.rpm
 5b13aaae983d8d37ade193afe05f97d0  2010.1/x86_64/apache-mod_ssl-2.2.15-3.5mdv2010.2.x86_64.rpm
 c00c4fd9fd7bb6179f96e65567c6197d  2010.1/x86_64/apache-modules-2.2.15-3.5mdv2010.2.x86_64.rpm
 0280efe603339cea73a9989d1e216d2e  2010.1/x86_64/apache-mod_userdir-2.2.15-3.5mdv2010.2.x86_64.rpm
 53d1ba40692126ce9d98110e754bdece  2010.1/x86_64/apache-mpm-event-2.2.15-3.5mdv2010.2.x86_64.rpm
 74caa9e8aee48eb0506d91acd2c8075e  2010.1/x86_64/apache-mpm-itk-2.2.15-3.5mdv2010.2.x86_64.rpm
 73e3ada13fe3df988d00ae0a7c31a8e4  2010.1/x86_64/apache-mpm-peruser-2.2.15-3.5mdv2010.2.x86_64.rpm
 81ab4347551eb3c860b01985e614e309  2010.1/x86_64/apache-mpm-prefork-2.2.15-3.5mdv2010.2.x86_64.rpm
 16164f1d9cbaf6e4d80874ef53a8b6fa  2010.1/x86_64/apache-mpm-worker-2.2.15-3.5mdv2010.2.x86_64.rpm
 990b96231afbdc851ff03ccbb0e1203d  2010.1/x86_64/apache-source-2.2.15-3.5mdv2010.2.x86_64.rpm 
 30b49a94b9485639515c5323a58a87b2  2010.1/SRPMS/apache-2.2.15-3.5mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 000a1b64448acad341d2bead5a7b2b40  mes5/i586/apache-base-2.2.9-12.14mdvmes5.2.i586.rpm
 4c904a9851b0a6b54c936952e21d4f9a  mes5/i586/apache-devel-2.2.9-12.14mdvmes5.2.i586.rpm
 f8772da8100473cdb73c580764a052ff  mes5/i586/apache-htcacheclean-2.2.9-12.14mdvmes5.2.i586.rpm
 df5ff9f23abbf7bfdfe3290dd229fa3c  mes5/i586/apache-mod_authn_dbd-2.2.9-12.14mdvmes5.2.i586.rpm
 495e3856b6a6c6deed0879a74ff96e91  mes5/i586/apache-mod_cache-2.2.9-12.14mdvmes5.2.i586.rpm
 19bf954e5808bb55904eb15e0da83eaa  mes5/i586/apache-mod_dav-2.2.9-12.14mdvmes5.2.i586.rpm
 69b7ed150f649056ca9ed5c8dbb69ab9  mes5/i586/apache-mod_dbd-2.2.9-12.14mdvmes5.2.i586.rpm
 e0ef096233b8ab089944bd97a636d984  mes5/i586/apache-mod_deflate-2.2.9-12.14mdvmes5.2.i586.rpm
 ba8efbb0753f0c4b9e0542714c0dc38d  mes5/i586/apache-mod_disk_cache-2.2.9-12.14mdvmes5.2.i586.rpm
 778ee556b1cccf580aafe55104718ced  mes5/i586/apache-mod_file_cache-2.2.9-12.14mdvmes5.2.i586.rpm
 7e779a0c3ab9bf94a0f07a37b5a1ad76  mes5/i586/apache-mod_ldap-2.2.9-12.14mdvmes5.2.i586.rpm
 f1a30b1609adfd75a1d1aa81145cc2b1  mes5/i586/apache-mod_mem_cache-2.2.9-12.14mdvmes5.2.i586.rpm
 fe9fcfd8ca9b7129de9535aee2917f3f  mes5/i586/apache-mod_proxy-2.2.9-12.14mdvmes5.2.i586.rpm
 95943de5218e180dcdc4088e5757f6db  mes5/i586/apache-mod_proxy_ajp-2.2.9-12.14mdvmes5.2.i586.rpm
 318c98c15a80c6f54b5eafcb0f35c3dd  mes5/i586/apache-mod_ssl-2.2.9-12.14mdvmes5.2.i586.rpm
 a4d215acc80c76d8fa7296a1a9e71e66  mes5/i586/apache-modules-2.2.9-12.14mdvmes5.2.i586.rpm
 6dd522fae06c5b507125966862f3baeb  mes5/i586/apache-mod_userdir-2.2.9-12.14mdvmes5.2.i586.rpm
 f142012531d29a89eb26bdf94fed9e77  mes5/i586/apache-mpm-event-2.2.9-12.14mdvmes5.2.i586.rpm
 12f441381a02a93615f570de2984296d  mes5/i586/apache-mpm-itk-2.2.9-12.14mdvmes5.2.i586.rpm
 e6fe55d8db2ea5fb88ea1b39f76b0bdb  mes5/i586/apache-mpm-peruser-2.2.9-12.14mdvmes5.2.i586.rpm
 74ba90b3e16d7dc1bf44f28e83666086  mes5/i586/apache-mpm-prefork-2.2.9-12.14mdvmes5.2.i586.rpm
 89059e7700f61272a5a1bed0a5aa9854  mes5/i586/apache-mpm-worker-2.2.9-12.14mdvmes5.2.i586.rpm
 dceffe55d15d99932e04cf2b1f8f12c3  mes5/i586/apache-source-2.2.9-12.14mdvmes5.2.i586.rpm 
 1803c43f9aaa75ba96abb9b82b3f9cfd  mes5/SRPMS/apache-2.2.9-12.14mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 050aa909a942ddf054f913066552fbcc  mes5/x86_64/apache-base-2.2.9-12.14mdvmes5.2.x86_64.rpm
 2d9fa3f4003f8577fc372493a216ff4a  mes5/x86_64/apache-devel-2.2.9-12.14mdvmes5.2.x86_64.rpm
 68305995effc2bd9a1cc6c234da9ce88  mes5/x86_64/apache-htcacheclean-2.2.9-12.14mdvmes5.2.x86_64.rpm
 895e327ff7b75ba1489904c7f50c9219  mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.14mdvmes5.2.x86_64.rpm
 92f1a4e37e02079b707844c119f396cf  mes5/x86_64/apache-mod_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
 61c1d304dd3fc85717d1fdc74c62402a  mes5/x86_64/apache-mod_dav-2.2.9-12.14mdvmes5.2.x86_64.rpm
 b4f161ec2d9745ea40e6be83ec670ad4  mes5/x86_64/apache-mod_dbd-2.2.9-12.14mdvmes5.2.x86_64.rpm
 b3dd2d1cd1d3a4236c022254e7f5dae5  mes5/x86_64/apache-mod_deflate-2.2.9-12.14mdvmes5.2.x86_64.rpm
 6992b43e842ff1a77132c1667204a1f1  mes5/x86_64/apache-mod_disk_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
 68885f5adf906884bfede7be9b98c0de  mes5/x86_64/apache-mod_file_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
 38152f4ed136292e725f0cac2a836a23  mes5/x86_64/apache-mod_ldap-2.2.9-12.14mdvmes5.2.x86_64.rpm
 d4e4ab43908f41d33106e069e85e19f0  mes5/x86_64/apache-mod_mem_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
 4c54f275dd6dc1f4ef56c0fa26f1f262  mes5/x86_64/apache-mod_proxy-2.2.9-12.14mdvmes5.2.x86_64.rpm
 ab35ab1aedb6b0fe30143af8ebb1c51b  mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.14mdvmes5.2.x86_64.rpm
 86d6ca8156a2ec224dd2c8f064bfa685  mes5/x86_64/apache-mod_ssl-2.2.9-12.14mdvmes5.2.x86_64.rpm
 f0771cbbcad7bbbbb230ba17b49a00ec  mes5/x86_64/apache-modules-2.2.9-12.14mdvmes5.2.x86_64.rpm
 9d6ed0960614673c4085a2d9a90876b9  mes5/x86_64/apache-mod_userdir-2.2.9-12.14mdvmes5.2.x86_64.rpm
 2dfc496e8aea977d133823ccbb72f754  mes5/x86_64/apache-mpm-event-2.2.9-12.14mdvmes5.2.x86_64.rpm
 f1a306cc23d666161058585337e598e6  mes5/x86_64/apache-mpm-itk-2.2.9-12.14mdvmes5.2.x86_64.rpm
 ede25d1a607e03b8e65b3ecb46fd7b2b  mes5/x86_64/apache-mpm-peruser-2.2.9-12.14mdvmes5.2.x86_64.rpm
 67c5a299b3ed4c15341a54cbbc06a2bc  mes5/x86_64/apache-mpm-prefork-2.2.9-12.14mdvmes5.2.x86_64.rpm
 abd16d61836ee16d267d3cf29c68bdbf  mes5/x86_64/apache-mpm-worker-2.2.9-12.14mdvmes5.2.x86_64.rpm
 07dcbb776ca1b4261aa945b9daed5c3c  mes5/x86_64/apache-source-2.2.9-12.14mdvmes5.2.x86_64.rpm 
 1803c43f9aaa75ba96abb9b82b3f9cfd  mes5/SRPMS/apache-2.2.9-12.14mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOuoyXmqjQ0CJFipgRAnR9AKCyVUZGycLkHzYaojJWEYZEDJHEFgCfU3oa
SBbMFvjmZIC1PWkEhcd2oiU=
=HxW0
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ