MDKSA-2004:135 - Updated apache2 packages fix request DoS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: apache2
Advisory ID: MDKSA-2004:135
Date: November 15th, 2004
Affected versions: 10.0, 10.1, 9.2
______________________________________________________________________
Problem Description:
A vulnerability in Apache 2.0.35 through 2.0.52 was discovered by Chintan
Trivedi, who found that by sending a large number of specially crafted
HTTP GET requests, a remote attacker could cause a Denial of
Service on the httpd server. This vulnerability is due to improper
enforcement of the field length limit in the header-parsing code.
The updated packages have been patched to prevent this problem.
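Added example, not part of the Mandrakesoft advisory: because the fix is backported, the updated packages keep upstream versions 2.0.47, 2.0.48 and 2.0.50, all inside the vulnerable 2.0.35-2.0.52 range, so a check on the upstream version alone misreports a patched host. The sketch compares the full version-release against the fixed builds named in this advisory; `rpm_cmp` is a simplified re-implementation of rpm's ordering (assumption: no epoch, tilde or caret), and the function names are hypothetical.

```python
import re

# Fixed apache2 version-release per Mandrakelinux release, taken from the
# updated packages this advisory names.
FIXED = {
    "10.0": ("2.0.48", "6.8.100mdk"),
    "10.1": ("2.0.50", "7.2.101mdk"),
    "9.2": ("2.0.47", "6.12.92mdk"),
}
# Upstream range the advisory gives as vulnerable (inclusive).
UPSTREAM_VULNERABLE = ("2.0.35", "2.0.52")


def _segments(s):
    # rpm-style split: runs of digits or runs of letters; separators are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpm_cmp(a, b):
    """Simplified rpm ordering: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # 12 > 9, unlike string order
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def classify(distro, installed):
    """installed: output of rpm -q --qf '%{VERSION}-%{RELEASE}' apache2.

    Assumes the package comes from that release's official update channel.
    """
    version, release = installed.rsplit("-", 1)
    fixed_version, fixed_release = FIXED[distro]
    order = rpm_cmp(version, fixed_version) or rpm_cmp(release, fixed_release)
    return "patched" if order >= 0 else "vulnerable"


def upstream_only_verdict(installed):
    """What a scanner sees if it looks at the upstream version alone."""
    version = installed.rsplit("-", 1)[0]
    low, high = UPSTREAM_VULNERABLE
    in_range = rpm_cmp(version, low) >= 0 and rpm_cmp(version, high) <= 0
    return "vulnerable" if in_range else "not affected"
```

For the 10.0 fixed build, `upstream_only_verdict` still answers "vulnerable" while `classify` answers "patched"; a constructed older 9.2 build such as `2.0.47-6.9.92mdk` is classified as vulnerable because release segments compare numerically.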
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
http://xforce.iss.net/xforce/xfdb/17930
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type  Bits/KeyID      Date        User ID
pub   1024D/22458A98  2000-07-10  Linux Mandrake Security Team <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBm39OmqjQ0CJFipgRAunbAJ43VXKSFHuI6vsxi+KmNHHho30yOwCfYFTq
gHEToqoAA9nABdJsligZpsg=
=oVcK
-----END PGP SIGNATURE-----