MDKSA-2004:135 - Updated apache2 packages fix request DoS
Date: 17 Nov 2004 16:41:50 -0000
From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2004:135 - Updated apache2 packages fix request DoS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: apache2
Advisory ID: MDKSA-2004:135
Date: November 15th, 2004
Affected versions: 10.0, 10.1, 9.2
______________________________________________________________________
Problem Description:
A vulnerability in Apache 2.0.35 through 2.0.52 was discovered by
Chintan Trivedi: by sending a large number of specially crafted HTTP
GET requests, a remote attacker could cause a Denial of Service on the
httpd server. The vulnerability is due to improper enforcement of the
field length limit in the header-parsing code.
The updated packages have been patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
http://xforce.iss.net/xforce/xfdb/17930
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
f59e6d0fc8c92b3ac3d8b39635da3633 10.0/RPMS/apache2-2.0.48-6.8.100mdk.i586.rpm
5592a7be4c4127538a5e0abaf56ddd3d 10.0/RPMS/apache2-common-2.0.48-6.8.100mdk.i586.rpm
c593e119362b4987861ba3e60eadc8d6 10.0/RPMS/apache2-devel-2.0.48-6.8.100mdk.i586.rpm
623e060906c1d42d0b163edc0a3da720 10.0/RPMS/apache2-manual-2.0.48-6.8.100mdk.i586.rpm
45d7ea390fa297e75890745152d7e5ab 10.0/RPMS/apache2-mod_cache-2.0.48-6.8.100mdk.i586.rpm
29f52c3ebd003e2f40b93ebfb9232eb1 10.0/RPMS/apache2-mod_dav-2.0.48-6.8.100mdk.i586.rpm
e10251cb9284c3608246562436dbb810 10.0/RPMS/apache2-mod_deflate-2.0.48-6.8.100mdk.i586.rpm
bbafb2da31fc4f74e0f50daf3837e980 10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.8.100mdk.i586.rpm
b4e0fc5f44800be9f533f49b02df98d1 10.0/RPMS/apache2-mod_file_cache-2.0.48-6.8.100mdk.i586.rpm
165ea1b87ebdcb354104119151ef3224 10.0/RPMS/apache2-mod_ldap-2.0.48-6.8.100mdk.i586.rpm
d520e26d61f087fa1fb5a883bc91b55a 10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.8.100mdk.i586.rpm
fcd79d7f5311613a55bc7d93a3065bb7 10.0/RPMS/apache2-mod_proxy-2.0.48-6.8.100mdk.i586.rpm
93b11dfa47fd2f50be4aa031ce5e5d31 10.0/RPMS/apache2-mod_ssl-2.0.48-6.8.100mdk.i586.rpm
2a5b02bf2b63f56912939f1fd9c690c9 10.0/RPMS/apache2-modules-2.0.48-6.8.100mdk.i586.rpm
d05928f34f67f97d5299933147005c80 10.0/RPMS/apache2-source-2.0.48-6.8.100mdk.i586.rpm
658a009f02e56daf3ae70ab8eec58da4 10.0/RPMS/libapr0-2.0.48-6.8.100mdk.i586.rpm
8de7f690532038f5efd72c8527d38c4d 10.0/SRPMS/apache2-2.0.48-6.8.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
e7804f074b0dc2801990fc0aef753e54 amd64/10.0/RPMS/apache2-2.0.48-6.8.100mdk.amd64.rpm
c80dba0761efacb3798021b22de8ec2b amd64/10.0/RPMS/apache2-common-2.0.48-6.8.100mdk.amd64.rpm
2a14dfc90d7e4dbbe3ec346608996211 amd64/10.0/RPMS/apache2-devel-2.0.48-6.8.100mdk.amd64.rpm
85755952a6b394088e1951b7156fb2ca amd64/10.0/RPMS/apache2-manual-2.0.48-6.8.100mdk.amd64.rpm
4ff901cbf27d7c931f5b0a66a89cd994 amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.8.100mdk.amd64.rpm
9ec303b8c3b4c35be1ff7c0fce9d3792 amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.8.100mdk.amd64.rpm
6fe45b12fc46724d194bebba4b2f6204 amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.8.100mdk.amd64.rpm
b62d04892bfc7a13aa871c7756069ec5 amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.8.100mdk.amd64.rpm
ca66b434e16a47350fdb8705874e8f4b amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.8.100mdk.amd64.rpm
684c7bc97456a5c2253883254766561f amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.8.100mdk.amd64.rpm
3b7bf8878063d12e0ad475cdb79f3102 amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.8.100mdk.amd64.rpm
116fd17e52822ab212399eb5cdc1f664 amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.8.100mdk.amd64.rpm
a0e901e05ec786161ab047c2392318dd amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.8.100mdk.amd64.rpm
5beaaaf7d348acfd0fb2f78a06982798 amd64/10.0/RPMS/apache2-modules-2.0.48-6.8.100mdk.amd64.rpm
2613e81648633bbbc10f884f1abadb72 amd64/10.0/RPMS/apache2-source-2.0.48-6.8.100mdk.amd64.rpm
457c1e2e15d1928c4a21448d3a61eb79 amd64/10.0/RPMS/lib64apr0-2.0.48-6.8.100mdk.amd64.rpm
8de7f690532038f5efd72c8527d38c4d amd64/10.0/SRPMS/apache2-2.0.48-6.8.100mdk.src.rpm
Mandrakelinux 10.1:
16039f8491bf2fbdd238978e6363d2a9 10.1/RPMS/apache2-2.0.50-7.2.101mdk.i586.rpm
4d6b79af111ab3dafd8329c7bd67fc14 10.1/RPMS/apache2-common-2.0.50-7.2.101mdk.i586.rpm
8dea7dc4b57de4f20bd355c93253473b 10.1/RPMS/apache2-devel-2.0.50-7.2.101mdk.i586.rpm
011decc40287db6e6a379cb341c59919 10.1/RPMS/apache2-manual-2.0.50-7.2.101mdk.i586.rpm
e1e52e7fb5f230e4048933e564b323ed 10.1/RPMS/apache2-mod_cache-2.0.50-7.2.101mdk.i586.rpm
958306ad451ffc8421cc3efa8c659de0 10.1/RPMS/apache2-mod_dav-2.0.50-7.2.101mdk.i586.rpm
d0863e950273d41fd57a4fa64f18eb7e 10.1/RPMS/apache2-mod_deflate-2.0.50-7.2.101mdk.i586.rpm
78dc9759a7eee64ee61f2fd986eb432f 10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.2.101mdk.i586.rpm
029950eaf6594273de25983c6bee9072 10.1/RPMS/apache2-mod_file_cache-2.0.50-7.2.101mdk.i586.rpm
dccac914196bd561e922b1cebc0a6a7f 10.1/RPMS/apache2-mod_ldap-2.0.50-7.2.101mdk.i586.rpm
2a7e89547db4b274577a034bb6867e08 10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.2.101mdk.i586.rpm
8bbe293404cc0994473dd0aa7365998d 10.1/RPMS/apache2-mod_proxy-2.0.50-7.2.101mdk.i586.rpm
1d1b03966960ce3394f6b3194ca3dc41 10.1/RPMS/apache2-modules-2.0.50-7.2.101mdk.i586.rpm
c87789fffe89c9981c3291b6a35a1e05 10.1/RPMS/apache2-source-2.0.50-7.2.101mdk.i586.rpm
089e5a780b8f5e4865a7cbe793eeeddf 10.1/RPMS/apache2-worker-2.0.50-7.2.101mdk.i586.rpm
02d809e58f808c057d785ef4f3f21c14 10.1/SRPMS/apache2-2.0.50-7.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
4fe0c117b8cac54079608155b81c224d x86_64/10.1/RPMS/apache2-2.0.50-7.2.101mdk.x86_64.rpm
24efba0385e75945e5a8ae15890bd77c x86_64/10.1/RPMS/apache2-common-2.0.50-7.2.101mdk.x86_64.rpm
472d4e2cbb9fcaafd7ebd863a6cc89bd x86_64/10.1/RPMS/apache2-devel-2.0.50-7.2.101mdk.x86_64.rpm
ef8986383f71285fd0ec58a0ca93280b x86_64/10.1/RPMS/apache2-manual-2.0.50-7.2.101mdk.x86_64.rpm
c74a80012899ceeacbb7d047cd2dbe8d x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.2.101mdk.x86_64.rpm
be2295b2379419fdc9a03cf6e23a3aab x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.2.101mdk.x86_64.rpm
46ee547ae1c7cd611ded4a5601d51863 x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.2.101mdk.x86_64.rpm
35a7619d714a5c77d890efe53106ccbf x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.2.101mdk.x86_64.rpm
6bb3e3b81f7f23dd21a22d0a53d434a4 x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.2.101mdk.x86_64.rpm
4f669ee2e99a5276fe0bd5d6abff4af2 x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.2.101mdk.x86_64.rpm
1d9c7818cb5f12124c8bba86d834fab4 x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.2.101mdk.x86_64.rpm
de17aaf377740cba7c9aff49cb65a2c3 x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.2.101mdk.x86_64.rpm
e0ae0791e22f3152f7d072545cfb650c x86_64/10.1/RPMS/apache2-modules-2.0.50-7.2.101mdk.x86_64.rpm
7c7559306af15dd4099b378a62831fd2 x86_64/10.1/RPMS/apache2-source-2.0.50-7.2.101mdk.x86_64.rpm
44c0eb326c9ab8079daad071b1c4b7d8 x86_64/10.1/RPMS/apache2-worker-2.0.50-7.2.101mdk.x86_64.rpm
02d809e58f808c057d785ef4f3f21c14 x86_64/10.1/SRPMS/apache2-2.0.50-7.2.101mdk.src.rpm
Mandrakelinux 9.2:
81e826dbbb53f1afd028aaf942ef34fa 9.2/RPMS/apache2-2.0.47-6.12.92mdk.i586.rpm
5eb09aa53c4797127dcaff29a51466e1 9.2/RPMS/apache2-common-2.0.47-6.12.92mdk.i586.rpm
4ae975b3a71f235f571a9416669d33cc 9.2/RPMS/apache2-devel-2.0.47-6.12.92mdk.i586.rpm
aeead62b4b1cde7856abb59973de12f3 9.2/RPMS/apache2-manual-2.0.47-6.12.92mdk.i586.rpm
e507fd59b128eb7695de8e48266856f1 9.2/RPMS/apache2-mod_cache-2.0.47-6.12.92mdk.i586.rpm
a587b79ba673bce2e861983974326401 9.2/RPMS/apache2-mod_dav-2.0.47-6.12.92mdk.i586.rpm
67f29703706ea7186b736557b587b479 9.2/RPMS/apache2-mod_deflate-2.0.47-6.12.92mdk.i586.rpm
9cea90e1f78d730ef2f642156b21e342 9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.12.92mdk.i586.rpm
fb984479331fcdffdd99e7fc6a7171e8 9.2/RPMS/apache2-mod_file_cache-2.0.47-6.12.92mdk.i586.rpm
a60783a916377523c30beee23e89fd71 9.2/RPMS/apache2-mod_ldap-2.0.47-6.12.92mdk.i586.rpm
6bb69cbc91edcc26bfc75db3be69ac24 9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.12.92mdk.i586.rpm
2fd2cb92a11e721263a13acc1a060335 9.2/RPMS/apache2-mod_proxy-2.0.47-6.12.92mdk.i586.rpm
7c378068f81b284dedf9da276316e2cd 9.2/RPMS/apache2-mod_ssl-2.0.47-6.12.92mdk.i586.rpm
dd88112fed3c6f8685b6d189d2dd9fef 9.2/RPMS/apache2-modules-2.0.47-6.12.92mdk.i586.rpm
2822ffc39d200625a4c6ee5b8a82e955 9.2/RPMS/apache2-source-2.0.47-6.12.92mdk.i586.rpm
97506f5f8cdddc345fad3e0b3b9d0114 9.2/RPMS/libapr0-2.0.47-6.12.92mdk.i586.rpm
c91e0454eab442bde69f34e7758ad5e3 9.2/SRPMS/apache2-2.0.47-6.12.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
ffdc84af32a7b7899d59ff8dfc307091 amd64/9.2/RPMS/apache2-2.0.47-6.12.92mdk.amd64.rpm
4599284dcff811b2f020a9cf9165b738 amd64/9.2/RPMS/apache2-common-2.0.47-6.12.92mdk.amd64.rpm
f3e1196c739fd7d5480b0feb035e39d3 amd64/9.2/RPMS/apache2-devel-2.0.47-6.12.92mdk.amd64.rpm
b7be6cec985f47da1a5e13235a7fe936 amd64/9.2/RPMS/apache2-manual-2.0.47-6.12.92mdk.amd64.rpm
c28fc0911d0ce71f2ab7acbd2d2fffaa amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.12.92mdk.amd64.rpm
9cd863be9bf4d75d95e9fba6470fb201 amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.12.92mdk.amd64.rpm
799fc0969241847ee7a1c2de1b00863c amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.12.92mdk.amd64.rpm
085a637a70c683a1d5b9bdca1db4aab5 amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.12.92mdk.amd64.rpm
277f9fe3f0a3c4ae97339b5a7a601d00 amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.12.92mdk.amd64.rpm
ebd239d0bcf564be6f3f72182220129b amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.12.92mdk.amd64.rpm
5212481a4e767c166514388454d6736f amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.12.92mdk.amd64.rpm
37af1d940d37958526585657b00e0828 amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.12.92mdk.amd64.rpm
493f6ea8512ecb0591ca529ed0d322ee amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.12.92mdk.amd64.rpm
da5c26d25fbada62a6059d09617ea47a amd64/9.2/RPMS/apache2-modules-2.0.47-6.12.92mdk.amd64.rpm
b1ddbf6124a02e0174b0090d39488496 amd64/9.2/RPMS/apache2-source-2.0.47-6.12.92mdk.amd64.rpm
cd73c4d51a0b3694b943f231156dceca amd64/9.2/RPMS/lib64apr0-2.0.47-6.12.92mdk.amd64.rpm
c91e0454eab442bde69f34e7758ad5e3 amd64/9.2/SRPMS/apache2-2.0.47-6.12.92mdk.src.rpm
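Added example (not part of the original advisory or of Mandrakesoft's tooling): the fix is backported, so the patched packages keep upstream versions 2.0.47 to 2.0.50, which lie inside the affected range, and a host has to be judged by its full version-release rather than by the Apache version alone. The Python below compares the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' apache2` against the fixed builds listed above using a simplified RPM-style comparison; the host names and installed versions in SAMPLE are constructed, and epochs and '~' are assumed absent.

```python
import re

# Fixed apache2 version and release per Mandrakelinux release, taken from the
# package file names in this advisory.
FIXED = {
    "10.0": ("2.0.48", "6.8.100mdk"),
    "10.1": ("2.0.50", "7.2.101mdk"),
    "9.2": ("2.0.47", "6.12.92mdk"),
}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, RPM style.
    Simplified: no epoch, no '~' or '^' handling (assumption)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 12 > 9, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(release, installed):
    """installed is 'VERSION-RELEASE' as printed by the rpm query above."""
    version, rel = installed.rsplit("-", 1)
    fixed_ver, fixed_rel = FIXED[release]
    c = rpmvercmp(version, fixed_ver)
    return c > 0 or (c == 0 and rpmvercmp(rel, fixed_rel) >= 0)

# Constructed inventory: (host, Mandrakelinux release, installed apache2 build)
SAMPLE = [
    ("web1", "10.0", "2.0.48-6.8.100mdk"),
    ("web2", "10.0", "2.0.48-6.6.100mdk"),
    ("web3", "10.1", "2.0.50-7.2.101mdk"),
    ("web4", "9.2", "2.0.47-6.9.92mdk"),
]

def needs_update(inventory):
    """Return the hosts whose apache2 build is older than the fixed one."""
    return [host for host, rel, inst in inventory if not is_patched(rel, inst)]

if __name__ == "__main__":
    print(needs_update(SAMPLE))
```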
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBm39OmqjQ0CJFipgRAunbAJ43VXKSFHuI6vsxi+KmNHHho30yOwCfYFTq
gHEToqoAA9nABdJsligZpsg=
=oVcK
-----END PGP SIGNATURE-----