Date: 29 Jun 2004 23:09:43 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]
Subject: MDKSA-2004:064 - Updated apache2 packages fix DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: apache2
Advisory ID: MDKSA-2004:064
Date: June 29th, 2004
Affected versions: 10.0, 9.1, 9.2
______________________________________________________________________
Problem Description:
A Denial of Service (DoS) condition was discovered in Apache 2.x by
George Guninski. Exploiting this can lead to httpd consuming an
arbitrary amount of memory. On 64-bit systems with more than 4GB of
virtual memory, this may also lead to a heap-based overflow.
The updated packages contain a patch from the ASF to correct the problem.
It is recommended that you stop Apache prior to updating and then
restart it again once the update is complete ("service httpd stop"
and "service httpd start" respectively).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493
http://www.guninski.com/httpd1.html
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
Mandrakelinux 10.0/AMD64:
Mandrakelinux 9.1:
Mandrakelinux 9.1/PPC:
Mandrakelinux 9.2:
Mandrakelinux 9.2/AMD64:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
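After upgrading, one way to confirm that the installed apache2 build is at or above the fixed build for your release (an added example, not part of the original advisory). The fixed version-release strings come from the advisory's package file names; the comparison is a simplified re-implementation of RPM's segment ordering that ignores epochs, and the function names are hypothetical.

```python
import re

# Fixed apache2 version-release per Mandrakelinux release, taken from the
# package file names in this advisory's "Updated Packages" section.
FIXED = {
    "10.0": "2.0.48-6.3.100mdk",
    "9.1": "2.0.47-1.9.91mdk",
    "9.2": "2.0.47-6.6.92mdk",
}

def _segments(s):
    # RPM splits a version into runs of digits and runs of letters;
    # every other character only separates segments.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Return -1, 0 or 1, following RPM's segment-wise ordering (simplified)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers as numbers, not as text
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpm_cmp(va, vb) or rpm_cmp(ra, rb)

def is_patched(release, installed):
    """True if `installed` is at or above the fixed build for `release`.

    `installed` is the output of:
        rpm -q --qf '%{VERSION}-%{RELEASE}' apache2
    """
    return evr_cmp(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    # Constructed sample inputs, not values from the advisory.
    for rel, ver in [("10.0", "2.0.48-6mdk"), ("9.2", "2.0.47-6.6.92mdk")]:
        print(rel, ver, "patched" if is_patched(rel, ver) else "NOT patched")
```

Run the same check against apache2-common, apache2-modules and libapr0 (lib64apr0 on AMD64), which the advisory ships at the same version-release.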
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFA4fa3mqjQ0CJFipgRAtrUAKC8+oxtHuYRQ+tNtlTLhroOMktXuQCbB3Ny
I0rXXQqrJi4dRY8VscTwYEI=
=rLEo
-----END PGP SIGNATURE-----