From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities
Message-Id: <E1Euh6C-00087c-Oo@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Thu, 05 Jan 2006 19:13:00 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:007
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache2
Date : January 5, 2006
Affected: 10.1, 10.2, 2006.0
_______________________________________________________________________
Problem Description:
A flaw was discovered in mod_imap when using the Referer directive with
image maps that could be used by a remote attacker to perform a cross-
site scripting attack, in certain site configurations, if a victim
could be forced to visit a malicious URL using certain web browsers
(CVE-2005-3352).
Also, a NULL pointer dereference flaw was found in mod_ssl that affects
server configurations where an SSL virtual host was configured with
access controls and a custom 400 error document. This could allow a
remote attacker to send a carefully crafted request to trigger the
issue and cause a crash, but only with the non-default worker MPM
(CVE-2005-3357).
The provided packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
99d7e03e08f46bb8d2c6246cccc7f03a 10.1/RPMS/apache2-2.0.50-7.6.101mdk.i586.rpm
7338a879c51aad4c89484443c2b806ce 10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.i586.rpm
e016511ca52a8afe34438d8262207768 10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.i586.rpm
bdebdafd3768e26c0d58ad1fc6cae9ff 10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.i586.rpm
b9f4c1a36d9e89f41de503b0f8428719 10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.i586.rpm
7b6411056d388050ef4c98d3c1de3e24 10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.i586.rpm
fd87e01a054073ab1a1ef9de5bb3ac54 10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.i586.rpm
ecf73bf07822403bbae9c453adad28b3 10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.i586.rpm
7174d7461248d61ae8294406937482f3 10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.i586.rpm
daa7a98f93d00a64bb0a7a52324471cd 10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.i586.rpm
68ee307aedbe6af498d87fe112f835dc 10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.i586.rpm
610525fcf03a696c50192991d0a28c9b 10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.i586.rpm
5a2d76582859bc52306c6f22725f2ab7 10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.i586.rpm
1749b95a9ad45825cb085f82144794df 10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.i586.rpm
55a3abf1039dfb0c4d547685b3605fd4 10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.i586.rpm
e7e0c2080af16bc3215ff67a841f6323 10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.i586.rpm
50bb5f9723f0146fe82d312f7fbeb2cf 10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
21c1f068fe82b86e3396b37f7ec96782 10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
43085852f7b6e5a55e4220cbd6493b74 x86_64/10.1/RPMS/apache2-2.0.50-7.6.101mdk.x86_64.rpm
2715904b29d6433d25f6ea35715d5484 x86_64/10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.x86_64.rpm
71828de67a3c26f4061eeebef8e6de2b x86_64/10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.x86_64.rpm
d37b18f9791c65466e5fafdf0287720e x86_64/10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.x86_64.rpm
088b8334c6efef6f17a1602be41b6045 x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.x86_64.rpm
9326eca120d7ac3e71337bad1f85fef0 x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.x86_64.rpm
36818cef250fc94d074f0fc0f2c6d8c7 x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.x86_64.rpm
63d37c81fe0b48ccd91d79e4c90dd5ec x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.x86_64.rpm
f7daa039d6878f063ca97468d9328fa8 x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.x86_64.rpm
13e394bc675d106270fe8fca27f7acbd x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.x86_64.rpm
8b1fd1bd22e33a25be158b7e152aba60 x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.x86_64.rpm
f88328582773c7129bf2a341d9cb88db x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.x86_64.rpm
62170db76a317250d37884dfd07e3f1c x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.x86_64.rpm
eeedff56c6e4f15df683f9c98f0c7e8c x86_64/10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.x86_64.rpm
aedf2f9b3ab9b65889546ce8dddb7930 x86_64/10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.x86_64.rpm
99a1557b76f495547ada02c17044b472 x86_64/10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.x86_64.rpm
50bb5f9723f0146fe82d312f7fbeb2cf x86_64/10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
21c1f068fe82b86e3396b37f7ec96782 x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm
Mandriva Linux 10.2:
a333c0076408d381172729a3931b17a3 10.2/RPMS/apache2-2.0.53-9.4.102mdk.i586.rpm
7e566b7644bfe3bbb1303f0e37cb628f 10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.i586.rpm
ccd22632bbf16a56a84da384b5305129 10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.i586.rpm
70a1d15adde5528d7b0f665a3ff417fa 10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.i586.rpm
493f14509e35e304ddac110c3cddf35e 10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.i586.rpm
794dddbfe413f7164404a2796c563af6 10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.i586.rpm
9e99b957feb9c25266783d73a6cead4e 10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.i586.rpm
bbea1ff737de001b9e8824ade6464c66 10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.i586.rpm
df8f7bc21c3c093004af7d6e64d83353 10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.i586.rpm
e206646de8e097a4ddc077592eec6ac2 10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.i586.rpm
264d47c6eaae58b7b919926571f0813b 10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.i586.rpm
5bbdc04926add1d2e0ee25cd84b08416 10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.i586.rpm
9812f26d7fc8a7f78fadb5d8d2e4dc76 10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.i586.rpm
c944feb9397c469b029a047aca7fe907 10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.i586.rpm
dc00d356dad2e8859e526b10435376e8 10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.i586.rpm
364990940ed6e5c3db23fc8fc1cb88e1 10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.i586.rpm
ed7da603004ed00a9c31c7b2e5740de8 10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.i586.rpm
c27d53f234ab8c96a69c9c275c6f1f0a 10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
2c26a3a648da8cfd2e4bde1c9bc750f0 10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
0fcbb0c7eb9cef2036620ed5c11fbf6f x86_64/10.2/RPMS/apache2-2.0.53-9.4.102mdk.x86_64.rpm
3d102f0fa1141027d29630ea6411ce5a x86_64/10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.x86_64.rpm
ccaa8d4880ea65e7719eee95aa7b90c9 x86_64/10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.x86_64.rpm
fafc80a0e194e93bd953dcdee0720818 x86_64/10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.x86_64.rpm
26687c7bfe86b91b42dc07613df73fee x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.x86_64.rpm
077b06db86a6ab2196438b15aaa31759 x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.x86_64.rpm
ae41f94f76bff884bd2486de55458baf x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.x86_64.rpm
6a8189940aa47a10818d9bd719fcc692 x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.x86_64.rpm
6621cd9d22659033024dcdb02c7e52ba x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.x86_64.rpm
1fb8e1694f110fd3d1c6dccf876bf41c x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.x86_64.rpm
91d3a68b8b932631b29476a7a146abfe x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.x86_64.rpm
adb92885445936c836bc7f13361a90a5 x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.x86_64.rpm
15e330d09dacde2f4fe20416bc7ecff4 x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.x86_64.rpm
ee60914821883fdbca75ec50b9536929 x86_64/10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.x86_64.rpm
67ef23ffa11a16c85677d00f92bfec5e x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.x86_64.rpm
b0a16af065114c3a0331c7e3e992153a x86_64/10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.x86_64.rpm
aa7123321a5aef41c57d9669fa600909 x86_64/10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.x86_64.rpm
c27d53f234ab8c96a69c9c275c6f1f0a x86_64/10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
2c26a3a648da8cfd2e4bde1c9bc750f0 x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm
Mandriva Linux 2006.0:
698cc58241479ed3420b7ea05e004caf 2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.i586.rpm
50b24b5c0b57d8855b12b1df63907a55 2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.i586.rpm
d45773a5afbd7e95b8fbf4a5742d7421 2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.i586.rpm
1ed0c6065f7ff959fff70886994db98c 2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.i586.rpm
11cdcc4a223fdd3d451c17394a4ab19f 2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.i586.rpm
77554cf3457a32465a9977b51f0f8089 2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.i586.rpm
d39cefb6075e3de9c459aa97774cd1c0 2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.i586.rpm
46246bc1f89e93a8cd317079052cad8b 2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.i586.rpm
6059a50db5752ade252619303d179ac9 2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.i586.rpm
52eb38740e1753591a2efe1f165c9a52 2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.i586.rpm
c58f95e19b34e5fffaacec10e999c614 2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.i586.rpm
08d836daa888cd101f00c562931d1d96 2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.i586.rpm
fcbf7783e8a0959b78308bc0fcb28c66 2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.i586.rpm
44577d0be1ea6dd781310dc6d82b8357 2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.i586.rpm
2c7c4b9e077fa21d3be5379feb4a1bf5 2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.i586.rpm
b5194b3fdc57e710f671695a003d7a86 2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.i586.rpm
c15e6970096ec90359fb5f950838c361 2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.i586.rpm
f55dcf60da3a4e0bc6a9c7c22f153e32 2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
377a0a4c5813cca0cfd1ec6c1be57964 2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
19f2682c0c8ea82d5d053057ebbea331 x86_64/2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.x86_64.rpm
3b74fc5aef89568e65f512a52056d98c x86_64/2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.x86_64.rpm
0573fef90fc16c5507371b57b78b8163 x86_64/2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.x86_64.rpm
2322bbe1b74c5ff49d54cc68839e86ce x86_64/2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.x86_64.rpm
e318276c19d2d08fafe6f838b459f214 x86_64/2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.x86_64.rpm
109e024c0fc738fd04336f9fe640a704 x86_64/2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.x86_64.rpm
bec4ad366bf9a556387f36bd4586ee1f x86_64/2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.x86_64.rpm
aa3de6fb4e051150b8c7afee465ac079 x86_64/2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.x86_64.rpm
7ee80c338ffee9b2e4bcf942a5b4684a x86_64/2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.x86_64.rpm
65da37880faf3811a35ba596fab84245 x86_64/2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.x86_64.rpm
17be071c0d39a17f0f6d4c9ddf051c42 x86_64/2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.x86_64.rpm
b913963f3ffafce4ddf9d87187f5ccf8 x86_64/2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.x86_64.rpm
faf591ab4124eedd3b7121595035087a x86_64/2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.x86_64.rpm
533dff0067505fc71673a112719a3891 x86_64/2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.x86_64.rpm
3ea58408fb222e88d7b819967ec5ecf7 x86_64/2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.x86_64.rpm
e2dbb1c9a18e5766a08adc3ddb4f1fb6 x86_64/2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.x86_64.rpm
aa027a7ca0870145495edc79c9e3f7cb x86_64/2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.x86_64.rpm
f55dcf60da3a4e0bc6a9c7c22f153e32 x86_64/2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
377a0a4c5813cca0cfd1ec6c1be57964 x86_64/2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDvaVJmqjQ0CJFipgRAumhAKDP71yr4yV2o8y7Kc28fAfQ7SgSPwCfZ0oH
xg4Z4FlR5dChy37D4YzZA2Y=
=GH6L
-----END PGP SIGNATURE-----