MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:007
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache2
Date : January 5, 2006
Affected: 10.1, 10.2, 2006.0
_______________________________________________________________________
Problem Description:
A flaw was discovered in mod_imap when using the Referer directive with
image maps that could be used by a remote attacker to perform a cross-
site scripting attack, in certain site configurations, if a victim
could be forced to visit a malicious URL using certain web browsers
(CVE-2005-3352).
Also, a NULL pointer dereference flaw was found in mod_ssl that affects
server configurations where an SSL virtual host was configured with
access controls and a custom 400 error document. This could allow a
remote attacker to send a carefully crafted request to trigger the
issue and cause a crash, but only with the non-default worker MPM
(CVE-2005-3357).
The provided packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
99d7e03e08f46bb8d2c6246cccc7f03a 10.1/RPMS/apache2-2.0.50-7.6.101mdk.i586.rpm
7338a879c51aad4c89484443c2b806ce
10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.i586.rpm
e016511ca52a8afe34438d8262207768
10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.i586.rpm
bdebdafd3768e26c0d58ad1fc6cae9ff
10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.i586.rpm
b9f4c1a36d9e89f41de503b0f8428719
10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.i586.rpm
7b6411056d388050ef4c98d3c1de3e24
10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.i586.rpm
fd87e01a054073ab1a1ef9de5bb3ac54
10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.i586.rpm
ecf73bf07822403bbae9c453adad28b3
10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.i586.rpm
7174d7461248d61ae8294406937482f3
10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.i586.rpm
daa7a98f93d00a64bb0a7a52324471cd
10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.i586.rpm
68ee307aedbe6af498d87fe112f835dc
10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.i586.rpm
610525fcf03a696c50192991d0a28c9b
10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.i586.rpm
5a2d76582859bc52306c6f22725f2ab7
10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.i586.rpm
1749b95a9ad45825cb085f82144794df
10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.i586.rpm
55a3abf1039dfb0c4d547685b3605fd4
10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.i586.rpm
e7e0c2080af16bc3215ff67a841f6323
10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.i586.rpm
50bb5f9723f0146fe82d312f7fbeb2cf 10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
21c1f068fe82b86e3396b37f7ec96782
10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
43085852f7b6e5a55e4220cbd6493b74
x86_64/10.1/RPMS/apache2-2.0.50-7.6.101mdk.x86_64.rpm
2715904b29d6433d25f6ea35715d5484
x86_64/10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.x86_64.rpm
71828de67a3c26f4061eeebef8e6de2b
x86_64/10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.x86_64.rpm
d37b18f9791c65466e5fafdf0287720e
x86_64/10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.x86_64.rpm
088b8334c6efef6f17a1602be41b6045
x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.x86_64.rpm
9326eca120d7ac3e71337bad1f85fef0
x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.x86_64.rpm
36818cef250fc94d074f0fc0f2c6d8c7
x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.x86_64.rpm
63d37c81fe0b48ccd91d79e4c90dd5ec
x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.x86_64.rpm
f7daa039d6878f063ca97468d9328fa8
x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.x86_64.rpm
13e394bc675d106270fe8fca27f7acbd
x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.x86_64.rpm
8b1fd1bd22e33a25be158b7e152aba60
x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.x86_64.rpm
f88328582773c7129bf2a341d9cb88db
x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.x86_64.rpm
62170db76a317250d37884dfd07e3f1c
x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.x86_64.rpm
eeedff56c6e4f15df683f9c98f0c7e8c
x86_64/10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.x86_64.rpm
aedf2f9b3ab9b65889546ce8dddb7930
x86_64/10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.x86_64.rpm
99a1557b76f495547ada02c17044b472
x86_64/10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.x86_64.rpm
50bb5f9723f0146fe82d312f7fbeb2cf
x86_64/10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
21c1f068fe82b86e3396b37f7ec96782
x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm
Mandriva Linux 10.2:
a333c0076408d381172729a3931b17a3 10.2/RPMS/apache2-2.0.53-9.4.102mdk.i586.rpm
7e566b7644bfe3bbb1303f0e37cb628f
10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.i586.rpm
ccd22632bbf16a56a84da384b5305129
10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.i586.rpm
70a1d15adde5528d7b0f665a3ff417fa
10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.i586.rpm
493f14509e35e304ddac110c3cddf35e
10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.i586.rpm
794dddbfe413f7164404a2796c563af6
10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.i586.rpm
9e99b957feb9c25266783d73a6cead4e
10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.i586.rpm
bbea1ff737de001b9e8824ade6464c66
10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.i586.rpm
df8f7bc21c3c093004af7d6e64d83353
10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.i586.rpm
e206646de8e097a4ddc077592eec6ac2
10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.i586.rpm
264d47c6eaae58b7b919926571f0813b
10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.i586.rpm
5bbdc04926add1d2e0ee25cd84b08416
10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.i586.rpm
9812f26d7fc8a7f78fadb5d8d2e4dc76
10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.i586.rpm
c944feb9397c469b029a047aca7fe907
10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.i586.rpm
dc00d356dad2e8859e526b10435376e8
10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.i586.rpm
364990940ed6e5c3db23fc8fc1cb88e1
10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.i586.rpm
ed7da603004ed00a9c31c7b2e5740de8
10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.i586.rpm
c27d53f234ab8c96a69c9c275c6f1f0a 10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
2c26a3a648da8cfd2e4bde1c9bc750f0
10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
0fcbb0c7eb9cef2036620ed5c11fbf6f
x86_64/10.2/RPMS/apache2-2.0.53-9.4.102mdk.x86_64.rpm
3d102f0fa1141027d29630ea6411ce5a
x86_64/10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.x86_64.rpm
ccaa8d4880ea65e7719eee95aa7b90c9
x86_64/10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.x86_64.rpm
fafc80a0e194e93bd953dcdee0720818
x86_64/10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.x86_64.rpm
26687c7bfe86b91b42dc07613df73fee
x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.x86_64.rpm
077b06db86a6ab2196438b15aaa31759
x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.x86_64.rpm
ae41f94f76bff884bd2486de55458baf
x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.x86_64.rpm
6a8189940aa47a10818d9bd719fcc692
x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.x86_64.rpm
6621cd9d22659033024dcdb02c7e52ba
x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.x86_64.rpm
1fb8e1694f110fd3d1c6dccf876bf41c
x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.x86_64.rpm
91d3a68b8b932631b29476a7a146abfe
x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.x86_64.rpm
adb92885445936c836bc7f13361a90a5
x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.x86_64.rpm
15e330d09dacde2f4fe20416bc7ecff4
x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.x86_64.rpm
ee60914821883fdbca75ec50b9536929
x86_64/10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.x86_64.rpm
67ef23ffa11a16c85677d00f92bfec5e
x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.x86_64.rpm
b0a16af065114c3a0331c7e3e992153a
x86_64/10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.x86_64.rpm
aa7123321a5aef41c57d9669fa600909
x86_64/10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.x86_64.rpm
c27d53f234ab8c96a69c9c275c6f1f0a
x86_64/10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
2c26a3a648da8cfd2e4bde1c9bc750f0
x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm
Mandriva Linux 2006.0:
698cc58241479ed3420b7ea05e004caf
2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.i586.rpm
50b24b5c0b57d8855b12b1df63907a55
2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.i586.rpm
d45773a5afbd7e95b8fbf4a5742d7421
2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.i586.rpm
1ed0c6065f7ff959fff70886994db98c
2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.i586.rpm
11cdcc4a223fdd3d451c17394a4ab19f
2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.i586.rpm
77554cf3457a32465a9977b51f0f8089
2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.i586.rpm
d39cefb6075e3de9c459aa97774cd1c0
2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.i586.rpm
46246bc1f89e93a8cd317079052cad8b
2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.i586.rpm
6059a50db5752ade252619303d179ac9
2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.i586.rpm
52eb38740e1753591a2efe1f165c9a52
2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.i586.rpm
c58f95e19b34e5fffaacec10e999c614
2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.i586.rpm
08d836daa888cd101f00c562931d1d96
2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.i586.rpm
fcbf7783e8a0959b78308bc0fcb28c66
2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.i586.rpm
44577d0be1ea6dd781310dc6d82b8357
2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.i586.rpm
2c7c4b9e077fa21d3be5379feb4a1bf5
2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.i586.rpm
b5194b3fdc57e710f671695a003d7a86
2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.i586.rpm
c15e6970096ec90359fb5f950838c361
2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.i586.rpm
f55dcf60da3a4e0bc6a9c7c22f153e32
2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
377a0a4c5813cca0cfd1ec6c1be57964
2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
19f2682c0c8ea82d5d053057ebbea331
x86_64/2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.x86_64.rpm
3b74fc5aef89568e65f512a52056d98c
x86_64/2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.x86_64.rpm
0573fef90fc16c5507371b57b78b8163
x86_64/2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.x86_64.rpm
2322bbe1b74c5ff49d54cc68839e86ce
x86_64/2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.x86_64.rpm
e318276c19d2d08fafe6f838b459f214
x86_64/2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.x86_64.rpm
109e024c0fc738fd04336f9fe640a704
x86_64/2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.x86_64.rpm
bec4ad366bf9a556387f36bd4586ee1f
x86_64/2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.x86_64.rpm
aa3de6fb4e051150b8c7afee465ac079
x86_64/2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.x86_64.rpm
7ee80c338ffee9b2e4bcf942a5b4684a
x86_64/2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.x86_64.rpm
65da37880faf3811a35ba596fab84245
x86_64/2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.x86_64.rpm
17be071c0d39a17f0f6d4c9ddf051c42
x86_64/2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.x86_64.rpm
b913963f3ffafce4ddf9d87187f5ccf8
x86_64/2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.x86_64.rpm
faf591ab4124eedd3b7121595035087a
x86_64/2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.x86_64.rpm
533dff0067505fc71673a112719a3891
x86_64/2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.x86_64.rpm
3ea58408fb222e88d7b819967ec5ecf7
x86_64/2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.x86_64.rpm
e2dbb1c9a18e5766a08adc3ddb4f1fb6
x86_64/2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.x86_64.rpm
aa027a7ca0870145495edc79c9e3f7cb
x86_64/2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.x86_64.rpm
f55dcf60da3a4e0bc6a9c7c22f153e32
x86_64/2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
377a0a4c5813cca0cfd1ec6c1be57964
x86_64/2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDvaVJmqjQ0CJFipgRAumhAKDP71yr4yV2o8y7Kc28fAfQ7SgSPwCfZ0oH
xg4Z4FlR5dChy37D4YzZA2Y=
=GH6L
-----END PGP SIGNATURE-----