
MDKSA-2004:065 - Updated apache packages fix buffer overflow vulnerability in mod_proxy



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache
 Advisory ID:            MDKSA-2004:065
 Date:                   June 29th, 2004

 Affected versions:      10.0, 9.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A buffer overflow vulnerability was found by George Guninski in
 Apache's mod_proxy module, which can be exploited by a remote user
 to potentially execute arbitrary code with the privileges of an
 httpd child process (user apache).  This can only be exploited,
 however, if mod_proxy is actually in use.
 
 It is recommended that you stop Apache prior to updating and then
 restart it again once the update is complete ("service httpd stop"
 and "service httpd start" respectively).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492
  http://www.guninski.com/modproxy1.html
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA4ffTmqjQ0CJFipgRAlhhAKCiL3x4ky36IOmPxdRwn17UI/rrugCfcjOZ
tOR0bKodwHzWnRnb0sP3fBk=
=rAKF
-----END PGP SIGNATURE-----
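
The advisory states that the flaw is only exploitable when mod_proxy is actually in use. The shell example below is added here and is not part of the Mandrakesoft advisory; it triages a host by checking an Apache 1.3 configuration for a loaded proxy module and active proxy directives. The function names and the sample configuration are constructed for illustration, and files pulled in by Include must be passed as extra arguments.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether mod_proxy is in use.
# A mod_proxy compiled statically into httpd appears in `httpd -l` instead
# of LoadModule/AddModule lines; that case is not checked here.

# Print the active lines of the given config files:
# leading whitespace stripped, comments and blank lines dropped.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$@"
}

# Succeeds if the proxy module is loaded (directives are case-insensitive).
proxy_loaded() {
    active_lines "$@" | grep -Eiq \
        '^(LoadModule[[:space:]]+proxy_module|AddModule[[:space:]]+mod_proxy\.c)'
}

# Succeeds if a directive that makes Apache act as a proxy is active.
proxy_configured() {
    active_lines "$@" | grep -Eiq \
        '^(ProxyRequests[[:space:]]+On|ProxyPass[[:space:]]|ProxyRemote[[:space:]])'
}

# Prints one of: not-loaded, loaded-unused, in-use
proxy_status() {
    if ! proxy_loaded "$@"; then
        echo not-loaded
    elif proxy_configured "$@"; then
        echo in-use
    else
        echo loaded-unused
    fi
}

# Constructed sample configuration, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LoadModule proxy_module modules/libproxy.so
AddModule mod_proxy.c
#ProxyRequests On
<IfModule mod_proxy.c>
    ProxyPass /app/ http://backend.example/
</IfModule>
EOF
echo "mod_proxy: $(proxy_status "$sample")"
```

A result of `in-use` marks the host as exposed until the updated packages are installed; `loaded-unused` hosts should still be updated, since enabling a proxy directive later would expose them.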