
[ MDKSA-2007:140 ] - Updated apache packages fix multiple security issues



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:140
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : apache
 Date    : July 4, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was discovered in the Apache mod_status module
 that could lead to a cross-site scripting attack on sites where the
 server-status page was publicly accessible and ExtendedStatus was
 enabled (CVE-2006-5752).
 
 A vulnerability was found in the Apache mod_cache module that could
 cause the httpd server child process to crash if it was sent a
 carefully crafted request.  This could lead to a denial of service
 if using a threaded MPM (CVE-2007-1863).
 
 The Apache server also did not verify that a process was an Apache
 child process before sending it signals.  A local attacker with the
 ability to run scripts on the server could manipulate the scoreboard
 and cause arbitrary processes to be terminated (CVE-2007-3304).
 
 Updated packages have been patched to prevent the above issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS
Re00IyLecNs4MIGgsrv2qJE=
=5EEm
-----END PGP SIGNATURE-----
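
Added example (not part of the Mandriva advisory): a configuration check for the two conditions the advisory names for CVE-2006-5752, ExtendedStatus enabled and a server-status page with no access restriction. It assumes Apache 2.2-style directives, inspects only <Location> blocks, and treats any Deny or Require line as a restriction; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in Apache 2.2 syntax; not taken from the advisory.
SAMPLE_CONF = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>
<Location /private-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

LOCATION_OPEN = re.compile(r'<location\s+"?([^\s">]+)"?\s*>', re.I)

def audit_status_exposure(conf_text):
    """Return (extended_status_on, [<Location> paths serving server-status
    with no access-control directive])."""
    extended, exposed = False, []
    path, handler, restricted = None, False, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        low = line.lower()
        opened = LOCATION_OPEN.match(line)
        if opened:
            path, handler, restricted = opened.group(1), False, False
        elif low.startswith("</location"):
            if handler and not restricted:
                exposed.append(path)
            path = None
        elif re.match(r"extendedstatus\s+on\b", low):
            extended = True
        elif path is not None:
            if re.match(r"sethandler\s+server-status\b", low):
                handler = True
            elif re.match(r"(deny\s+from|require)\s", low):
                restricted = True   # heuristic: any Deny/Require counts
    return extended, exposed

def is_exposed(conf_text):
    """True only when both conditions named for CVE-2006-5752 hold."""
    extended, exposed = audit_status_exposure(conf_text)
    return extended and bool(exposed)
```

A positive result means the configuration matches the exposure conditions described above; whether the installed package is still vulnerable depends on the installed apache version.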