To: [email protected]Subject: [ MDVSA-2008:194 ] apache2
Date: Sat, 13 Sep 2008 15:39:01 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1KecpZ-0000Lj-73@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:194
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache2
Date : September 13, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A cross-site scripting vulnerability was found in the mod_proxy_ftp
module in Apache that allowed remote attackers to inject arbitrary
web script or HTML via wildcards in a pathname in an FTP URI
(CVE-2008-2939).
The updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
cb99d8d30c755c2263624e64a238c97b corporate/3.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm
0a6626ff589e99899aea1cb6ba2bb568 corporate/3.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm
e1a2c5e55038bb1aacf3cef6bbb8fab0 corporate/3.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm
b2d0e0bc451473385825fc2388026ae4 corporate/3.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm
d78741b6fcab8f07976960b105e02bfe corporate/3.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm
290b0f2bca9765f895cdb3a876b122eb corporate/3.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm
62565a3e6a93e65aad4d51806a457ed0 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm
e33734d21a417e096b80134a228a8907 corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm
14841928e53e8f2133d26707f073cf5a corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm
695859dc62af2282917471ba5564efd5 corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm
8e0f0388b7e995a622b0b1c055d20167 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm
f798de71bbc16988699156be21fb22cc corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm
90d80910a1dad80b21f76234983c4648 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm
b294270cd780a9908db877daeaab7fd0 corporate/3.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm
16f0e826993f524fb0e14744513cd6bd corporate/3.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm
7d2e73a5d629b9c8ca467303dc35c041 corporate/3.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm
0e474bcf2388dfa4e9b8eec44af8613a corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm
Corporate 3.0/X86_64:
839d73dc124b3effbc26badb04390bd5 corporate/3.0/x86_64/apache2-2.0.48-6.18.C30mdk.x86_64.rpm
b68fc8aad0b43452f922833f0195b080 corporate/3.0/x86_64/apache2-common-2.0.48-6.18.C30mdk.x86_64.rpm
74a1af859a3251b4c3a2922367516c1f corporate/3.0/x86_64/apache2-devel-2.0.48-6.18.C30mdk.x86_64.rpm
4e15a214cfc255906f417af5d51f269a corporate/3.0/x86_64/apache2-manual-2.0.48-6.18.C30mdk.x86_64.rpm
0fe9472b70e6dd39fc737f88d887fe00 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.18.C30mdk.x86_64.rpm
24517b150a1de83c3b83166a1956c7ab corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.18.C30mdk.x86_64.rpm
a6e7688aa8659163a7931a85fc431cdf corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.18.C30mdk.x86_64.rpm
85bd4c5ecce52d0de6a36dd8614c4f26 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.x86_64.rpm
b642855a2edf425463a70cfc5c529114 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.18.C30mdk.x86_64.rpm
5efb348be022e755dc3b96c35e918b7d corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.18.C30mdk.x86_64.rpm
def1cb6a2ee3f4341dd39fd1d007f882 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.x86_64.rpm
fcfd2805b8db60cb457b3c895777a916 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.18.C30mdk.x86_64.rpm
073d91c0d9777658e962014440701ef6 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.18.C30mdk.x86_64.rpm
ee0bf865aee32c3b1f8eff7d0096e475 corporate/3.0/x86_64/apache2-modules-2.0.48-6.18.C30mdk.x86_64.rpm
6733a938a7d2db502fc06db65743ddc3 corporate/3.0/x86_64/apache2-source-2.0.48-6.18.C30mdk.x86_64.rpm
2b7d2fb2c34fefafff86bde620eca69d corporate/3.0/x86_64/lib64apr0-2.0.48-6.18.C30mdk.x86_64.rpm
0e474bcf2388dfa4e9b8eec44af8613a corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm
Multi Network Firewall 2.0:
0767fe397bd9e35301bbb89c38f670ce mnf/2.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm
738b0e7514d1e69cc01bc4ebfc191b6f mnf/2.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm
ddff71afd9d60987ec952f411c017a3a mnf/2.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm
2d22c245ef43e13e7fdc62e91a43dc6c mnf/2.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm
0d2484f67a8524c40ce8c747bf5902db mnf/2.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm
c355dabc05d922129aa7af76fc6fa350 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm
624a8f0e66f8536c31d1dda8e48bc790 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm
8e8e3da47f17ead30794a37b64e0018a mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm
66c58438edb5928ce3cddcab4f870fdd mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm
1c3738bd489905b7e9cea22af4693ab9 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm
7d49a07cfa1f06297e64fd60e640c3af mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm
4d4123c3751e6ad0a87b9a7e4683b34e mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm
740418f2f1a03bb5588603a2fb3f72db mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm
33cd3e8bdab33eeb9a8bc1d5dcf87831 mnf/2.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm
adad509aeb921896619eff3208e62ca8 mnf/2.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm
a9703ad89a3b53677ccc2c4f90aae9bf mnf/2.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm
3e93f31336660bfc08664cb01436559d mnf/2.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIzAh9mqjQ0CJFipgRAvjBAJ9W89EjJMDlaapWkHsLCSFdT2NMJwCfV5u+
5FopksLe1/tYWDe+lrD0sPY=
=SZ7O
-----END PGP SIGNATURE-----