[ MDVSA-2008:237 ] apache2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:237
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache2
Date : December 4, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered in the mod_proxy module in Apache where
it did not limit the number of forwarded interim responses, allowing
remote HTTP servers to cause a denial of service (memory consumption)
via a large number of interim responses (CVE-2008-2364).
This update also provides HTTP/1.1 compliance fixes.
The updated packages have been patched to prevent this issue.
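The missing limit described above, sketched as an added example (not Apache's or Mandriva's code): a loop that walks the response heads an upstream server sends for one request and stops relaying 1xx interim responses once a cap is reached. The function names, the cap value of 10 and the sample stream are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names and values for this sketch; none come from the advisory. */
#define MAX_INTERIM_RESPONSES 10
enum { ERR_TOO_MANY_INTERIM = -1, ERR_MALFORMED = -2 };
#define INTERIM_HEAD "HTTP/1.1 100 Continue\r\n\r\n"
#define FINAL_HEAD   "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

/* Walk the response heads sent upstream for ONE request. 1xx heads are interim
 * and would be relayed; the first non-1xx head is final. limit < 0 means no cap,
 * which is the unbounded behaviour the advisory describes. */
int final_status(const char *buf, int limit, int *interim_seen)
{
    *interim_seen = 0;
    while (*buf != '\0') {
        int code = 0;
        const char *end = strstr(buf, "\r\n\r\n");
        if (end == NULL || sscanf(buf, "HTTP/1.%*1d %3d", &code) != 1
            || code < 100 || code > 599)
            return ERR_MALFORMED;
        if (code >= 200)
            return code;                 /* final response reached */
        if (limit >= 0 && *interim_seen >= limit)
            return ERR_TOO_MANY_INTERIM; /* stop before relaying another one */
        ++*interim_seen;                 /* relay point: work done per interim head */
        buf = end + 4;                   /* advance to the next head */
    }
    return ERR_MALFORMED;                /* stream ended without a final head */
}

/* Constructed sample: n interim heads, then one final head (cap must be >= 64). */
size_t build_stream(char *out, size_t cap, int n_interim)
{
    size_t used = 0;
    for (int i = 0; i < n_interim && used + 64 < cap; i++)
        used += (size_t)snprintf(out + used, cap - used, "%s", INTERIM_HEAD);
    used += (size_t)snprintf(out + used, cap - used, "%s", FINAL_HEAD);
    return used;
}

int main(void)
{
    static char buf[32768];
    int seen, rc;
    build_stream(buf, sizeof buf, 1000);
    rc = final_status(buf, -1, &seen);
    printf("no limit: rc=%d relayed=%d\n", rc, seen);
    rc = final_status(buf, MAX_INTERIM_RESPONSES, &seen);
    printf("limit %d: rc=%d relayed=%d\n", MAX_INTERIM_RESPONSES, rc, seen);
}
```

Without a cap the relay count is whatever the upstream server chooses to send; with the cap the proxy gives up on that request after a fixed amount of work.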
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
corporate/3.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm
corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm
Corporate 3.0/X86_64:
corporate/3.0/x86_64/apache2-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-common-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-devel-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-manual-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-modules-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/apache2-source-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/x86_64/lib64apr0-2.0.48-6.19.C30mdk.x86_64.rpm
corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm
Multi Network Firewall 2.0:
mnf/2.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm
mnf/2.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJOCuNmqjQ0CJFipgRAt+pAKDO9fruRTCR1580NTYdYmnky057aACdFVGo
NmJlapeQ2vPQcDIjsktx95s=
=5zLR
-----END PGP SIGNATURE-----