Updated apache2 packages


mystified
Mandrakesoft Security Advisories

 

Package name: apache2

Date: September 15th, 2004

Advisory ID: MDKSA-2004:096

Affected versions: 9.2, 10.0

Synopsis: Updated apache2 packages fix multiple vulnerabilities

 

 

Problem Description

 

Two Denial of Service conditions were discovered in the input filter of mod_ssl, the module that enables apache to handle HTTPS requests.

 

Another vulnerability was discovered by the ASF security team using the Codenomicon HTTP Test Tool. This vulnerability, in the apr-util library, can possibly lead to arbitrary code execution if certain non-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK define).

 

As well, the SITIC have discovered a buffer overflow when Apache expands environment variables in configuration files such as .htaccess and httpd.conf, which can lead to possible privilege escalation. This can only be done, however, if an attacker is able to place malicious configuration files on the server.

 

Finally, a crash condition was discovered in the mod_dav module by Julian Reschke, where sending a LOCK refresh request to an indirectly locked resource could crash the server.

 

The updated packages have been patched to protect against these vulnerabilities.

 

 

Updated Packages

 

 

Mandrakelinux 9.2

 


 

Mandrakelinux 9.2/AMD64

 


 

Mandrakelinux 10.0

 


 

Mandrakelinux 10.0/AMD64

 


 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786

http://www.uniras.gov.uk/vuls/2004/403518/index.htm

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
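
For a manual download, the two checks described above can be scripted. The following is an added example, not part of the Mandrakesoft advisory: it compares files against a saved list in the advisory's "md5 path" layout, which catches corrupted or incomplete downloads, and then runs the `rpm --checksig` step, which is the check that ties a package to the team's GPG key. The function names, the sample files and the manifest are constructed for illustration, and `md5sum` is assumed to be installed.

```shell
#!/bin/sh
# verify_manifest MANIFEST DIR (hypothetical helper, added example)
# MANIFEST lines follow the advisory's layout: "<md5> <path/to/package.rpm>".
# Files are looked up in DIR by basename; returns 0 only if every entry matches.
verify_manifest() {
    manifest=$1; dir=$2; rc=0
    while read -r want path; do
        # Skip headings and blank lines: keep only 32-hex-digit entries.
        case $want in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ "${#want}" -eq 32 ] && [ -n "$path" ] || continue
        name=${path##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# check_signatures DIR: run rpm --checksig on each package; 2 if rpm is absent.
check_signatures() {
    command -v rpm >/dev/null 2>&1 || return 2
    for f in "$1"/*.rpm; do
        [ -e "$f" ] || continue
        rpm --checksig "$f" || return 1
    done
}

# Constructed demo: placeholder files (not real RPMs); one is altered after
# its checksum was recorded, and one listed file was never downloaded.
demo_constructed() {
    d=$(mktemp -d) || return 1
    printf 'package A\n' > "$d/example-a.rpm"
    printf 'package B\n' > "$d/example-b.rpm"
    {
        echo "Constructed release"
        echo "$(md5sum "$d/example-a.rpm" | cut -d' ' -f1) x/RPMS/example-a.rpm"
        echo "$(md5sum "$d/example-b.rpm" | cut -d' ' -f1) x/RPMS/example-b.rpm"
        echo "00000000000000000000000000000000 x/RPMS/example-c.rpm"
    } > "$d/manifest.txt"
    printf 'tampered\n' >> "$d/example-b.rpm"
    status=0; verify_manifest "$d/manifest.txt" "$d" || status=$?
    rm -rf "$d"
    return "$status"
}
```

Run `verify_manifest` first and install only when it returns 0 and `check_signatures` also succeeds against the imported Mandrakelinux Security Team key.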
