[ MDVSA-2008:194 ] apache2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:194
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache2
Date : September 13, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A cross-site scripting vulnerability was found in the mod_proxy_ftp
module in Apache that allowed remote attackers to inject arbitrary
web script or HTML via wildcards in a pathname in an FTP URI
(CVE-2008-2939).
The updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
cb99d8d30c755c2263624e64a238c97b
corporate/3.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm
0a6626ff589e99899aea1cb6ba2bb568
corporate/3.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm
e1a2c5e55038bb1aacf3cef6bbb8fab0
corporate/3.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm
b2d0e0bc451473385825fc2388026ae4
corporate/3.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm
d78741b6fcab8f07976960b105e02bfe
corporate/3.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm
290b0f2bca9765f895cdb3a876b122eb
corporate/3.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm
62565a3e6a93e65aad4d51806a457ed0
corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm
e33734d21a417e096b80134a228a8907
corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm
14841928e53e8f2133d26707f073cf5a
corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm
695859dc62af2282917471ba5564efd5
corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm
8e0f0388b7e995a622b0b1c055d20167
corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm
f798de71bbc16988699156be21fb22cc
corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm
90d80910a1dad80b21f76234983c4648
corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm
b294270cd780a9908db877daeaab7fd0
corporate/3.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm
16f0e826993f524fb0e14744513cd6bd
corporate/3.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm
7d2e73a5d629b9c8ca467303dc35c041
corporate/3.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm
0e474bcf2388dfa4e9b8eec44af8613a
corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm
Corporate 3.0/X86_64:
839d73dc124b3effbc26badb04390bd5
corporate/3.0/x86_64/apache2-2.0.48-6.18.C30mdk.x86_64.rpm
b68fc8aad0b43452f922833f0195b080
corporate/3.0/x86_64/apache2-common-2.0.48-6.18.C30mdk.x86_64.rpm
74a1af859a3251b4c3a2922367516c1f
corporate/3.0/x86_64/apache2-devel-2.0.48-6.18.C30mdk.x86_64.rpm
4e15a214cfc255906f417af5d51f269a
corporate/3.0/x86_64/apache2-manual-2.0.48-6.18.C30mdk.x86_64.rpm
0fe9472b70e6dd39fc737f88d887fe00
corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.18.C30mdk.x86_64.rpm
24517b150a1de83c3b83166a1956c7ab
corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.18.C30mdk.x86_64.rpm
a6e7688aa8659163a7931a85fc431cdf
corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.18.C30mdk.x86_64.rpm
85bd4c5ecce52d0de6a36dd8614c4f26
corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.x86_64.rpm
b642855a2edf425463a70cfc5c529114
corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.18.C30mdk.x86_64.rpm
5efb348be022e755dc3b96c35e918b7d
corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.18.C30mdk.x86_64.rpm
def1cb6a2ee3f4341dd39fd1d007f882
corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.x86_64.rpm
fcfd2805b8db60cb457b3c895777a916
corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.18.C30mdk.x86_64.rpm
073d91c0d9777658e962014440701ef6
corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.18.C30mdk.x86_64.rpm
ee0bf865aee32c3b1f8eff7d0096e475
corporate/3.0/x86_64/apache2-modules-2.0.48-6.18.C30mdk.x86_64.rpm
6733a938a7d2db502fc06db65743ddc3
corporate/3.0/x86_64/apache2-source-2.0.48-6.18.C30mdk.x86_64.rpm
2b7d2fb2c34fefafff86bde620eca69d
corporate/3.0/x86_64/lib64apr0-2.0.48-6.18.C30mdk.x86_64.rpm
0e474bcf2388dfa4e9b8eec44af8613a
corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm
Multi Network Firewall 2.0:
0767fe397bd9e35301bbb89c38f670ce
mnf/2.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm
738b0e7514d1e69cc01bc4ebfc191b6f
mnf/2.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm
ddff71afd9d60987ec952f411c017a3a
mnf/2.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm
2d22c245ef43e13e7fdc62e91a43dc6c
mnf/2.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm
0d2484f67a8524c40ce8c747bf5902db
mnf/2.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm
c355dabc05d922129aa7af76fc6fa350
mnf/2.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm
624a8f0e66f8536c31d1dda8e48bc790
mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm
8e8e3da47f17ead30794a37b64e0018a
mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm
66c58438edb5928ce3cddcab4f870fdd
mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm
1c3738bd489905b7e9cea22af4693ab9
mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm
7d49a07cfa1f06297e64fd60e640c3af
mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm
4d4123c3751e6ad0a87b9a7e4683b34e
mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm
740418f2f1a03bb5588603a2fb3f72db
mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm
33cd3e8bdab33eeb9a8bc1d5dcf87831
mnf/2.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm
adad509aeb921896619eff3208e62ca8
mnf/2.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm
a9703ad89a3b53677ccc2c4f90aae9bf
mnf/2.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm
3e93f31336660bfc08664cb01436559d
mnf/2.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIzAh9mqjQ0CJFipgRAvjBAJ9W89EjJMDlaapWkHsLCSFdT2NMJwCfV5u+
5FopksLe1/tYWDe+lrD0sPY=
=SZ7O
-----END PGP SIGNATURE-----