From: Mandriva Security Team <xsecurity@mandriva.com.>
To: [email protected]Subject: MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities
Message-Id: <E1Ev3oG-0000qT-N1@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Fri, 06 Jan 2006 19:28:00 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:009
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache2-mod_auth_pgsql
Date : January 6, 2006
Affected: 10.1, 10.2, 2006.0
_______________________________________________________________________
Problem Description:
iDefense discovered several format string vulnerabilities in the way
that mod_auth_pgsql logs information which could potentially be used
by a remote attacker to execute arbitrary code as the apache user if
mod_auth_pgsql is used for user authentication.
The provided packages have been patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3656
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
5fd1e2329146f2c03845fe516acaa123 10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.i586.rpm
c7cfefd7de46d13ee74f25e35f2fd76a 10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
631ed3b26fddd6f5198d4a33aa31326c x86_64/10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.x86_64.rpm
c7cfefd7de46d13ee74f25e35f2fd76a x86_64/10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm
Mandriva Linux 10.2:
477fd516e48926f13a66cc0a92366598 10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.i586.rpm
12baf2fcd6739141f29c4f6000f83e28 10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
7d5ba837da8f1681587c431fe219f9fa x86_64/10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.x86_64.rpm
12baf2fcd6739141f29c4f6000f83e28 x86_64/10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm
Mandriva Linux 2006.0:
abe116d3afce2e1dd6c29a4a922ecf0a 2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.i586.rpm
c6755d865f6de4cf51a9f6918798aafc 2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
a8e95a35a1eda50cc392193496c15721 x86_64/2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.x86_64.rpm
c6755d865f6de4cf51a9f6918798aafc x86_64/2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDvvqymqjQ0CJFipgRAl5jAJwInb6yP+dO/9iXRdSeJxETV3Li+wCg7glF
tYByE5LQ2FHucxwe8fXvt2A=
=DB3Z
-----END PGP SIGNATURE-----