<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:043 - Updated apache2 packages fixes a denial of service vulnerability in mod_ssl



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache2
 Advisory ID:            MDKSA-2004:043
 Date:                   May 10th, 2004

 Affected versions:      10.0, 9.1, 9.2
 ______________________________________________________________________

 Problem Description:

 A memory leak in mod_ssl in the Apache HTTP Server prior to version           
 2.0.49 allows a remote denial of service attack against an SSL-enabled
 server. 
 
 The updated packages provide a patched mod_ssl to correct these
 problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 532c951a2e856a199362407bbd720bea  10.0/RPMS/apache2-2.0.48-6.1.100mdk.i586.rpm
 aaf7818ed49d7eea93cd8be9bafc9604  
10.0/RPMS/apache2-common-2.0.48-6.1.100mdk.i586.rpm
 42e8e3361a2870ae5c764bee2334d3d2  
10.0/RPMS/apache2-devel-2.0.48-6.1.100mdk.i586.rpm
 93974a49c89c02483887bdbd80108ab2  
10.0/RPMS/apache2-manual-2.0.48-6.1.100mdk.i586.rpm
 ba37cf3b1997eb9449a7b1639c495afe  
10.0/RPMS/apache2-mod_cache-2.0.48-6.1.100mdk.i586.rpm
 16a6141a93fb829f491daf60860f5666  
10.0/RPMS/apache2-mod_dav-2.0.48-6.1.100mdk.i586.rpm
 6a8d97f4e4ac74aad25483b22fad95fc  
10.0/RPMS/apache2-mod_deflate-2.0.48-6.1.100mdk.i586.rpm
 1827a1ecf6250cb6d31c2613ad810463  
10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.1.100mdk.i586.rpm
 5ef4c065e071275a9b291e483b3986e5  
10.0/RPMS/apache2-mod_file_cache-2.0.48-6.1.100mdk.i586.rpm
 9c863cb5101db085b9955824bd452092  
10.0/RPMS/apache2-mod_ldap-2.0.48-6.1.100mdk.i586.rpm
 677d50bcfd6400e2d599a0f6076b68af  
10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.1.100mdk.i586.rpm
 b76151c0bedac4f608617ed2af18abf4  
10.0/RPMS/apache2-mod_proxy-2.0.48-6.1.100mdk.i586.rpm
 e2adf66af1c6741fb2054197c2dbd6a6  
10.0/RPMS/apache2-mod_ssl-2.0.48-6.1.100mdk.i586.rpm
 7a27537ef71bc4d5c54625b060dbedf5  
10.0/RPMS/apache2-modules-2.0.48-6.1.100mdk.i586.rpm
 62e878523dc30fa0eb026b89d53c1194  
10.0/RPMS/apache2-source-2.0.48-6.1.100mdk.i586.rpm
 2a6c31fcaeb7bd382b2014c0e26e7aa1  10.0/RPMS/libapr0-2.0.48-6.1.100mdk.i586.rpm
 10f0202c416df685f75cdf2e9e17371e  10.0/SRPMS/apache2-2.0.48-6.1.100mdk.src.rpm

 Mandrakelinux 9.1:
 224e5dda94a7a7dab82d79f6c46396a8  9.1/RPMS/apache2-2.0.47-1.7.91mdk.i586.rpm
 22968f6ad5b25bff2642ad28021fc4af  
9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.i586.rpm
 f1f68cdc9b7b7d0c54147dc3bf6640fa  
9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.i586.rpm
 0be71b125b03073f6488f36169559c47  
9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.i586.rpm
 1ce19c65a7934dfb5fa62ed2115351eb  
9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.i586.rpm
 7887a7082207cce69fcc2ced053a4044  
9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.i586.rpm
 4e719e3ec078fe05b6b58916baf311eb  
9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.i586.rpm
 1908bcc959a702a9d7265dc3116a6ead  
9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.i586.rpm
 5817db5654c325471219ec4b3c98ccf4  
9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.i586.rpm
 fcbc8d2e20e477aa0b63bb6a7e67c55b  9.1/RPMS/libapr0-2.0.47-1.7.91mdk.i586.rpm
 3a63938eae592a0437fb76f64c7efd60  9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 b55c0dfd5a5d90ebc2e536c90d20ccf1  ppc/9.1/RPMS/apache2-2.0.47-1.7.91mdk.ppc.rpm
 49400d29d0f7589bbd26f0ae3c4c689d  
ppc/9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.ppc.rpm
 b07803b544d4e001976229d21fbc531e  
ppc/9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.ppc.rpm
 1fb08c4e5db906dc378b2f1c4899ea33  
ppc/9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.ppc.rpm
 fda663af745d7ad64279e9572dae211e  
ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.ppc.rpm
 d4de598464a6428923de3043ffa0c2a6  
ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.ppc.rpm
 2105ce6164a02e459bb3eeeb07f3c8dd  
ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.ppc.rpm
 65b7f816e1931d238675d24b8395c610  
ppc/9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.ppc.rpm
 b1857e8f6b90546a8f0e1640e5af378d  
ppc/9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.ppc.rpm
 68860abfbb9e7ebd1454feebf2b261dd  ppc/9.1/RPMS/libapr0-2.0.47-1.7.91mdk.ppc.rpm
 3a63938eae592a0437fb76f64c7efd60  
ppc/9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm

 Mandrakelinux 9.2:
 789a99411d67d1ce4ea4476739fe8f05  9.2/RPMS/apache2-2.0.47-6.4.92mdk.i586.rpm
 4a69dbc249db52654ce08c458bb12590  
9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.i586.rpm
 e637e85cf0e7d26a3db224ca275873d4  
9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.i586.rpm
 aeba5b682e253a78068a7ee65de2f66c  
9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.i586.rpm
 81d435af697858141a8fabc90b33ae26  
9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.i586.rpm
 b893135ff384838c0a349ea2eac4d3de  
9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.i586.rpm
 9a20ef3b0904bf445b3ece28b7080164  
9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.i586.rpm
 ddec306b01653022bc65631bf05e5fde  
9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.i586.rpm
 ffd1676b2b7b86846634979f4b168859  
9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.i586.rpm
 bac512f8f990400ad0dbef903b38448b  
9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.i586.rpm
 7eda96296894a887d4d7618a24dc5aec  
9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.i586.rpm
 6a79afc9bd5f1850be2bd82d244d8ccb  
9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.i586.rpm
 61972ba631c361f0e3f0863a26001d20  
9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.i586.rpm
 d97100f8181716eeb5d2ab4d20bb8bc1  
9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.i586.rpm
 08905fea2a078dbb36f953c17f334dce  
9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.i586.rpm
 93c6a24dd9f4af88157e193df63a47c6  9.2/RPMS/libapr0-2.0.47-6.4.92mdk.i586.rpm
 7d51dac774f2d887b4856990dc9fd5b1  9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 7348baec2a9ee27adb7d3f0b9338a88d  
amd64/9.2/RPMS/apache2-2.0.47-6.4.92mdk.amd64.rpm
 9397b3136c547cd44108572b95a77070  
amd64/9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.amd64.rpm
 96fb3738db8400f305ec9dcb7d1ac6fa  
amd64/9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.amd64.rpm
 41e476759a14a345664c23ff41352032  
amd64/9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.amd64.rpm
 6e7981bb03b337e006332b3954505353  
amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.amd64.rpm
 9ac5aa7d5d4789c405606ffb94c73c27  
amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.amd64.rpm
 69f831614c30c05396219c1f005e2a8f  
amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.amd64.rpm
 732d8e9b68178cff1ff84d461782471c  
amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.amd64.rpm
 de7d183e50e3f8d1f21b3096e3b673a6  
amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.amd64.rpm
 a6e91e4734ced8e5374efaa1f2ca3a4c  
amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.amd64.rpm
 23efa2aebf4f31a22e039f30f30c13ae  
amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.amd64.rpm
 ec40d800c099decec00a5aae69b3b703  
amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.amd64.rpm
 2fbf446a8c3d9bda09598415cb3c641d  
amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.amd64.rpm
 c6ab1265bf1ea5c2d34ac42293f5e12c  
amd64/9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.amd64.rpm
 b1d8ff422f5fd0dd161208018717f0e0  
amd64/9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.amd64.rpm
 9995904303e6275524baf47b16adbe39  
amd64/9.2/RPMS/lib64apr0-2.0.47-6.4.92mdk.amd64.rpm
 7d51dac774f2d887b4856990dc9fd5b1  
amd64/9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAoDJ/mqjQ0CJFipgRAsQVAJsEYlxxTysU87oT7QR/xGZ92VS/4gCeMHqo
g+D3ZxJoS222nPW/1iqLfkE=
=/uFP
-----END PGP SIGNATURE-----