Date: Tue, 19 Jun 2007 17:50:14 -0600
From: [email protected]
Subject: [ MDKSA-2007:127 ] - Updated apache packages fix mod_mem_cache issue
To: [email protected]
Reply-To: [email protected]
Message-id: <E1I0nSg-0004Z0-CA@artemis.annvix.ca.>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:127
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : June 19, 2007
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data. As a result, Apache can return
HTTP headers containing previously-used data, which unauthorized users
could use to obtain potentially sensitive information.
Updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
Mandriva Linux 2007.1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGeEF1mqjQ0CJFipgRAk70AKCVARB8sDsHXzyCteiUrQNB4C6HfACgsedy
uzvbMIjWDoMk04wQB/HLLmM=
=4Juv
-----END PGP SIGNATURE-----
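
The bug class named in the Problem Description (a header copy that does not copy all levels), shown as a simplified model. This is an added example, not Apache, APR or Mandriva code: the `table` type and the `recall_shallow`, `recall_deep`, `serve` and `leaks` functions are hypothetical, and the header values are constructed.

```c
/* Simplified model of a shallow vs. deep header copy; not Apache/APR code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NHDR 2
#define VALSZ 64
typedef struct { const char *key; char *val; } hdr;   /* one header entry */
typedef struct { hdr h[NHDR]; } table;                /* one header table */

/* Shallow recall: copies the entry array only, so every val pointer
 * still aliases the string owned by the cached object. */
static table recall_shallow(const table *c) { return *c; }

/* Deep recall: copies every level, so the request gets private strings. */
static table recall_deep(const table *c) {
    table t = *c;
    for (int i = 0; i < NHDR; i++) {
        t.h[i].val = malloc(VALSZ);
        if (!t.h[i].val) abort();
        snprintf(t.h[i].val, VALSZ, "%s", c->h[i].val);
    }
    return t;
}

/* Constructed stand-in for later per-request code that rewrites a value. */
static void serve(table *t, const char *session) {
    snprintf(t->h[1].val, VALSZ, "session=%s", session);
}

/* Free only the strings that do not alias the cached object. */
static void release(table *t, const table *c) {
    for (int i = 0; i < NHDR; i++)
        if (t->h[i].val != c->h[i].val) free(t->h[i].val);
}

/* Returns 1 if a second client receives data written for the first one. */
static int leaks(table (*recall)(const table *)) {
    char v0[VALSZ] = "text/html", v1[VALSZ] = "none";
    table cached = { { { "Content-Type", v0 }, { "X-Info", v1 } } };
    table a = recall(&cached);
    serve(&a, "alice-secret");                /* client A's request */
    table b = recall(&cached);                /* client B hits the cache */
    int leaked = strstr(b.h[1].val, "alice-secret") != NULL;
    release(&a, &cached); release(&b, &cached);
    return leaked;
}

int main(void) {
    printf("shallow=%d deep=%d\n", leaks(recall_shallow), leaks(recall_deep));
    return 0;
}
```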