Date: 11 May 2004 01:55:11 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]Subject: MDKSA-2004:043 - Updated apache2 packages fixes a denial of service vulnerability in mod_ssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: apache2
Advisory ID: MDKSA-2004:043
Date: May 10th, 2004
Affected versions: 10.0, 9.1, 9.2
______________________________________________________________________
Problem Description:
A memory leak in mod_ssl in the Apache HTTP Server prior to version
2.0.49 allows a remote denial of service attack against an SSL-enabled
server.
The updated packages provide a patched mod_ssl to correct these
problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
532c951a2e856a199362407bbd720bea 10.0/RPMS/apache2-2.0.48-6.1.100mdk.i586.rpm
aaf7818ed49d7eea93cd8be9bafc9604 10.0/RPMS/apache2-common-2.0.48-6.1.100mdk.i586.rpm
42e8e3361a2870ae5c764bee2334d3d2 10.0/RPMS/apache2-devel-2.0.48-6.1.100mdk.i586.rpm
93974a49c89c02483887bdbd80108ab2 10.0/RPMS/apache2-manual-2.0.48-6.1.100mdk.i586.rpm
ba37cf3b1997eb9449a7b1639c495afe 10.0/RPMS/apache2-mod_cache-2.0.48-6.1.100mdk.i586.rpm
16a6141a93fb829f491daf60860f5666 10.0/RPMS/apache2-mod_dav-2.0.48-6.1.100mdk.i586.rpm
6a8d97f4e4ac74aad25483b22fad95fc 10.0/RPMS/apache2-mod_deflate-2.0.48-6.1.100mdk.i586.rpm
1827a1ecf6250cb6d31c2613ad810463 10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.1.100mdk.i586.rpm
5ef4c065e071275a9b291e483b3986e5 10.0/RPMS/apache2-mod_file_cache-2.0.48-6.1.100mdk.i586.rpm
9c863cb5101db085b9955824bd452092 10.0/RPMS/apache2-mod_ldap-2.0.48-6.1.100mdk.i586.rpm
677d50bcfd6400e2d599a0f6076b68af 10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.1.100mdk.i586.rpm
b76151c0bedac4f608617ed2af18abf4 10.0/RPMS/apache2-mod_proxy-2.0.48-6.1.100mdk.i586.rpm
e2adf66af1c6741fb2054197c2dbd6a6 10.0/RPMS/apache2-mod_ssl-2.0.48-6.1.100mdk.i586.rpm
7a27537ef71bc4d5c54625b060dbedf5 10.0/RPMS/apache2-modules-2.0.48-6.1.100mdk.i586.rpm
62e878523dc30fa0eb026b89d53c1194 10.0/RPMS/apache2-source-2.0.48-6.1.100mdk.i586.rpm
2a6c31fcaeb7bd382b2014c0e26e7aa1 10.0/RPMS/libapr0-2.0.48-6.1.100mdk.i586.rpm
10f0202c416df685f75cdf2e9e17371e 10.0/SRPMS/apache2-2.0.48-6.1.100mdk.src.rpm
Mandrakelinux 9.1:
224e5dda94a7a7dab82d79f6c46396a8 9.1/RPMS/apache2-2.0.47-1.7.91mdk.i586.rpm
22968f6ad5b25bff2642ad28021fc4af 9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.i586.rpm
f1f68cdc9b7b7d0c54147dc3bf6640fa 9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.i586.rpm
0be71b125b03073f6488f36169559c47 9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.i586.rpm
1ce19c65a7934dfb5fa62ed2115351eb 9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.i586.rpm
7887a7082207cce69fcc2ced053a4044 9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.i586.rpm
4e719e3ec078fe05b6b58916baf311eb 9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.i586.rpm
1908bcc959a702a9d7265dc3116a6ead 9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.i586.rpm
5817db5654c325471219ec4b3c98ccf4 9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.i586.rpm
fcbc8d2e20e477aa0b63bb6a7e67c55b 9.1/RPMS/libapr0-2.0.47-1.7.91mdk.i586.rpm
3a63938eae592a0437fb76f64c7efd60 9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
b55c0dfd5a5d90ebc2e536c90d20ccf1 ppc/9.1/RPMS/apache2-2.0.47-1.7.91mdk.ppc.rpm
49400d29d0f7589bbd26f0ae3c4c689d ppc/9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.ppc.rpm
b07803b544d4e001976229d21fbc531e ppc/9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.ppc.rpm
1fb08c4e5db906dc378b2f1c4899ea33 ppc/9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.ppc.rpm
fda663af745d7ad64279e9572dae211e ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.ppc.rpm
d4de598464a6428923de3043ffa0c2a6 ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.ppc.rpm
2105ce6164a02e459bb3eeeb07f3c8dd ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.ppc.rpm
65b7f816e1931d238675d24b8395c610 ppc/9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.ppc.rpm
b1857e8f6b90546a8f0e1640e5af378d ppc/9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.ppc.rpm
68860abfbb9e7ebd1454feebf2b261dd ppc/9.1/RPMS/libapr0-2.0.47-1.7.91mdk.ppc.rpm
3a63938eae592a0437fb76f64c7efd60 ppc/9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm
Mandrakelinux 9.2:
789a99411d67d1ce4ea4476739fe8f05 9.2/RPMS/apache2-2.0.47-6.4.92mdk.i586.rpm
4a69dbc249db52654ce08c458bb12590 9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.i586.rpm
e637e85cf0e7d26a3db224ca275873d4 9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.i586.rpm
aeba5b682e253a78068a7ee65de2f66c 9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.i586.rpm
81d435af697858141a8fabc90b33ae26 9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.i586.rpm
b893135ff384838c0a349ea2eac4d3de 9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.i586.rpm
9a20ef3b0904bf445b3ece28b7080164 9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.i586.rpm
ddec306b01653022bc65631bf05e5fde 9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.i586.rpm
ffd1676b2b7b86846634979f4b168859 9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.i586.rpm
bac512f8f990400ad0dbef903b38448b 9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.i586.rpm
7eda96296894a887d4d7618a24dc5aec 9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.i586.rpm
6a79afc9bd5f1850be2bd82d244d8ccb 9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.i586.rpm
61972ba631c361f0e3f0863a26001d20 9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.i586.rpm
d97100f8181716eeb5d2ab4d20bb8bc1 9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.i586.rpm
08905fea2a078dbb36f953c17f334dce 9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.i586.rpm
93c6a24dd9f4af88157e193df63a47c6 9.2/RPMS/libapr0-2.0.47-6.4.92mdk.i586.rpm
7d51dac774f2d887b4856990dc9fd5b1 9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
7348baec2a9ee27adb7d3f0b9338a88d amd64/9.2/RPMS/apache2-2.0.47-6.4.92mdk.amd64.rpm
9397b3136c547cd44108572b95a77070 amd64/9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.amd64.rpm
96fb3738db8400f305ec9dcb7d1ac6fa amd64/9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.amd64.rpm
41e476759a14a345664c23ff41352032 amd64/9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.amd64.rpm
6e7981bb03b337e006332b3954505353 amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.amd64.rpm
9ac5aa7d5d4789c405606ffb94c73c27 amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.amd64.rpm
69f831614c30c05396219c1f005e2a8f amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.amd64.rpm
732d8e9b68178cff1ff84d461782471c amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.amd64.rpm
de7d183e50e3f8d1f21b3096e3b673a6 amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.amd64.rpm
a6e91e4734ced8e5374efaa1f2ca3a4c amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.amd64.rpm
23efa2aebf4f31a22e039f30f30c13ae amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.amd64.rpm
ec40d800c099decec00a5aae69b3b703 amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.amd64.rpm
2fbf446a8c3d9bda09598415cb3c641d amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.amd64.rpm
c6ab1265bf1ea5c2d34ac42293f5e12c amd64/9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.amd64.rpm
b1d8ff422f5fd0dd161208018717f0e0 amd64/9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.amd64.rpm
9995904303e6275524baf47b16adbe39 amd64/9.2/RPMS/lib64apr0-2.0.47-6.4.92mdk.amd64.rpm
7d51dac774f2d887b4856990dc9fd5b1 amd64/9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAoDJ/mqjQ0CJFipgRAsQVAJsEYlxxTysU87oT7QR/xGZ92VS/4gCeMHqo
g+D3ZxJoS222nPW/1iqLfkE=
=/uFP
-----END PGP SIGNATURE-----