
MDKSA-2004:064 - Updated apache2 packages fix DoS vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache2
 Advisory ID:            MDKSA-2004:064
 Date:                   June 29th, 2004

 Affected versions:      10.0, 9.1, 9.2
 ______________________________________________________________________

 Problem Description:

 A Denial of Service (DoS) condition was discovered in Apache 2.x by
 George Guninski.  Exploiting this can lead to httpd consuming an
 arbitrary amount of memory.  On 64-bit systems with more than 4GB of
 virtual memory, this may also lead to a heap-based overflow.
 
 The updated packages contain a patch from the ASF to correct the problem.
 
 It is recommended that you stop Apache prior to updating and then
 restart it again once the update is complete ("service httpd stop"
 and "service httpd start" respectively).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493
  http://www.guninski.com/httpd1.html
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA4fa3mqjQ0CJFipgRAtrUAKC8+oxtHuYRQ+tNtlTLhroOMktXuQCbB3Ny
I0rXXQqrJi4dRY8VscTwYEI=
=rLEo
-----END PGP SIGNATURE-----