[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ MDVSA-2011:168 ] apache
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2011:168 ] apache
- From: security@xxxxxxxxxxxx
- Date: Wed, 09 Nov 2011 17:23:02 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:168
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : November 9, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in apache:
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21,
when used with mod_proxy_balancer in certain configurations, allows
remote attackers to cause a denial of service (temporary error state
in the backend server) via a malformed HTTP request (CVE-2011-3348).
The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory
introduced regressions in the way httpd handled certain Range HTTP
header values.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
https://issues.apache.org/bugzilla/show_bug.cgi?id=51878
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
efa3019014628e3c480750c1f2004a7c
2010.1/i586/apache-base-2.2.15-3.5mdv2010.2.i586.rpm
3087616095041b2a0ec35a4f07b0db39
2010.1/i586/apache-devel-2.2.15-3.5mdv2010.2.i586.rpm
f64f79810c740c6ea48a62b6efaa2e57
2010.1/i586/apache-htcacheclean-2.2.15-3.5mdv2010.2.i586.rpm
54193e742de9f3c09033686110dbcf12
2010.1/i586/apache-mod_authn_dbd-2.2.15-3.5mdv2010.2.i586.rpm
5190c0b547fdabd83f11f2c0b3c4c59c
2010.1/i586/apache-mod_cache-2.2.15-3.5mdv2010.2.i586.rpm
797c23a6d7bd773b56f12ef80e598bd3
2010.1/i586/apache-mod_dav-2.2.15-3.5mdv2010.2.i586.rpm
2489ede1721764643b2942292de4e43a
2010.1/i586/apache-mod_dbd-2.2.15-3.5mdv2010.2.i586.rpm
32132cdd5a453e1d35b34ad86756469b
2010.1/i586/apache-mod_deflate-2.2.15-3.5mdv2010.2.i586.rpm
bb94bf4569a6979b23bbf29e51172deb
2010.1/i586/apache-mod_disk_cache-2.2.15-3.5mdv2010.2.i586.rpm
c0465fd2bf450d8229c92ebd7b96e796
2010.1/i586/apache-mod_file_cache-2.2.15-3.5mdv2010.2.i586.rpm
8fe0536c0567db805b18eee9b6fbae4c
2010.1/i586/apache-mod_ldap-2.2.15-3.5mdv2010.2.i586.rpm
f9f7679d70d4c06573737e401c9efa56
2010.1/i586/apache-mod_mem_cache-2.2.15-3.5mdv2010.2.i586.rpm
bb61c23cadc265c1182e4d08beaf6834
2010.1/i586/apache-mod_proxy-2.2.15-3.5mdv2010.2.i586.rpm
724885ee3820d7b0ae7c20a188fb8c54
2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.5mdv2010.2.i586.rpm
2582960ff8ed44b516dba77a8ca3f79e
2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.5mdv2010.2.i586.rpm
54829077b157f55baa47bcb05769c039
2010.1/i586/apache-mod_reqtimeout-2.2.15-3.5mdv2010.2.i586.rpm
2e977bb1f6a182a2c70912167265ce50
2010.1/i586/apache-mod_ssl-2.2.15-3.5mdv2010.2.i586.rpm
a5bf2b114ee2d72336adce28811c3037
2010.1/i586/apache-modules-2.2.15-3.5mdv2010.2.i586.rpm
83b2206a476ef960dd2267e42b2121af
2010.1/i586/apache-mod_userdir-2.2.15-3.5mdv2010.2.i586.rpm
e5c81b0d5dee76dfe644188c719208fd
2010.1/i586/apache-mpm-event-2.2.15-3.5mdv2010.2.i586.rpm
1f565927f0329db6a6dcbfc146862d7d
2010.1/i586/apache-mpm-itk-2.2.15-3.5mdv2010.2.i586.rpm
9fe74c5aa75109bd04e60278d3ce4f27
2010.1/i586/apache-mpm-peruser-2.2.15-3.5mdv2010.2.i586.rpm
3a253e811772ae2eeed3ed028bb05dec
2010.1/i586/apache-mpm-prefork-2.2.15-3.5mdv2010.2.i586.rpm
ada4b77b392aa8a5b6c283d1d3394f19
2010.1/i586/apache-mpm-worker-2.2.15-3.5mdv2010.2.i586.rpm
f777f009148573676e3bda6fa9d3472a
2010.1/i586/apache-source-2.2.15-3.5mdv2010.2.i586.rpm
30b49a94b9485639515c5323a58a87b2
2010.1/SRPMS/apache-2.2.15-3.5mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
904ac3e39e1544ac03201c638f272461
2010.1/x86_64/apache-base-2.2.15-3.5mdv2010.2.x86_64.rpm
48164409c194bc836764f105d332b9b2
2010.1/x86_64/apache-devel-2.2.15-3.5mdv2010.2.x86_64.rpm
7f9ba9d3b24e352fd9c6dbb770d1c0e2
2010.1/x86_64/apache-htcacheclean-2.2.15-3.5mdv2010.2.x86_64.rpm
bfc5629f34ceec77cc9f63cbacedec8b
2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.5mdv2010.2.x86_64.rpm
e4f47be08c6bf1e1e12f8f8263014238
2010.1/x86_64/apache-mod_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
01f8ba996efc43df6e94cf3ba7b960ee
2010.1/x86_64/apache-mod_dav-2.2.15-3.5mdv2010.2.x86_64.rpm
07b4081d62a107a075f1b2e13a505496
2010.1/x86_64/apache-mod_dbd-2.2.15-3.5mdv2010.2.x86_64.rpm
42dc96e272815486f57db1fc5b5006c3
2010.1/x86_64/apache-mod_deflate-2.2.15-3.5mdv2010.2.x86_64.rpm
5ab4bcddcd345aee9938a53f8c66f652
2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
8bc139a4c4ce0381292885d35e0dc9a8
2010.1/x86_64/apache-mod_file_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
d7add6101b8b2393c9e16bbe4570e474
2010.1/x86_64/apache-mod_ldap-2.2.15-3.5mdv2010.2.x86_64.rpm
4276d115ba3061e90c55b3614fc094e9
2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
f12d0cfb139cfe7b46b2a6d6d0dbea74
2010.1/x86_64/apache-mod_proxy-2.2.15-3.5mdv2010.2.x86_64.rpm
527aa8011d33407b6e7419f51b1ba1f4
2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.5mdv2010.2.x86_64.rpm
4b4fbeb9ae7243582d7a6d0f702c2f22
2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.5mdv2010.2.x86_64.rpm
fc812b63a2078aa8ee8cd6bbee447589
2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.5mdv2010.2.x86_64.rpm
5b13aaae983d8d37ade193afe05f97d0
2010.1/x86_64/apache-mod_ssl-2.2.15-3.5mdv2010.2.x86_64.rpm
c00c4fd9fd7bb6179f96e65567c6197d
2010.1/x86_64/apache-modules-2.2.15-3.5mdv2010.2.x86_64.rpm
0280efe603339cea73a9989d1e216d2e
2010.1/x86_64/apache-mod_userdir-2.2.15-3.5mdv2010.2.x86_64.rpm
53d1ba40692126ce9d98110e754bdece
2010.1/x86_64/apache-mpm-event-2.2.15-3.5mdv2010.2.x86_64.rpm
74caa9e8aee48eb0506d91acd2c8075e
2010.1/x86_64/apache-mpm-itk-2.2.15-3.5mdv2010.2.x86_64.rpm
73e3ada13fe3df988d00ae0a7c31a8e4
2010.1/x86_64/apache-mpm-peruser-2.2.15-3.5mdv2010.2.x86_64.rpm
81ab4347551eb3c860b01985e614e309
2010.1/x86_64/apache-mpm-prefork-2.2.15-3.5mdv2010.2.x86_64.rpm
16164f1d9cbaf6e4d80874ef53a8b6fa
2010.1/x86_64/apache-mpm-worker-2.2.15-3.5mdv2010.2.x86_64.rpm
990b96231afbdc851ff03ccbb0e1203d
2010.1/x86_64/apache-source-2.2.15-3.5mdv2010.2.x86_64.rpm
30b49a94b9485639515c5323a58a87b2
2010.1/SRPMS/apache-2.2.15-3.5mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
000a1b64448acad341d2bead5a7b2b40
mes5/i586/apache-base-2.2.9-12.14mdvmes5.2.i586.rpm
4c904a9851b0a6b54c936952e21d4f9a
mes5/i586/apache-devel-2.2.9-12.14mdvmes5.2.i586.rpm
f8772da8100473cdb73c580764a052ff
mes5/i586/apache-htcacheclean-2.2.9-12.14mdvmes5.2.i586.rpm
df5ff9f23abbf7bfdfe3290dd229fa3c
mes5/i586/apache-mod_authn_dbd-2.2.9-12.14mdvmes5.2.i586.rpm
495e3856b6a6c6deed0879a74ff96e91
mes5/i586/apache-mod_cache-2.2.9-12.14mdvmes5.2.i586.rpm
19bf954e5808bb55904eb15e0da83eaa
mes5/i586/apache-mod_dav-2.2.9-12.14mdvmes5.2.i586.rpm
69b7ed150f649056ca9ed5c8dbb69ab9
mes5/i586/apache-mod_dbd-2.2.9-12.14mdvmes5.2.i586.rpm
e0ef096233b8ab089944bd97a636d984
mes5/i586/apache-mod_deflate-2.2.9-12.14mdvmes5.2.i586.rpm
ba8efbb0753f0c4b9e0542714c0dc38d
mes5/i586/apache-mod_disk_cache-2.2.9-12.14mdvmes5.2.i586.rpm
778ee556b1cccf580aafe55104718ced
mes5/i586/apache-mod_file_cache-2.2.9-12.14mdvmes5.2.i586.rpm
7e779a0c3ab9bf94a0f07a37b5a1ad76
mes5/i586/apache-mod_ldap-2.2.9-12.14mdvmes5.2.i586.rpm
f1a30b1609adfd75a1d1aa81145cc2b1
mes5/i586/apache-mod_mem_cache-2.2.9-12.14mdvmes5.2.i586.rpm
fe9fcfd8ca9b7129de9535aee2917f3f
mes5/i586/apache-mod_proxy-2.2.9-12.14mdvmes5.2.i586.rpm
95943de5218e180dcdc4088e5757f6db
mes5/i586/apache-mod_proxy_ajp-2.2.9-12.14mdvmes5.2.i586.rpm
318c98c15a80c6f54b5eafcb0f35c3dd
mes5/i586/apache-mod_ssl-2.2.9-12.14mdvmes5.2.i586.rpm
a4d215acc80c76d8fa7296a1a9e71e66
mes5/i586/apache-modules-2.2.9-12.14mdvmes5.2.i586.rpm
6dd522fae06c5b507125966862f3baeb
mes5/i586/apache-mod_userdir-2.2.9-12.14mdvmes5.2.i586.rpm
f142012531d29a89eb26bdf94fed9e77
mes5/i586/apache-mpm-event-2.2.9-12.14mdvmes5.2.i586.rpm
12f441381a02a93615f570de2984296d
mes5/i586/apache-mpm-itk-2.2.9-12.14mdvmes5.2.i586.rpm
e6fe55d8db2ea5fb88ea1b39f76b0bdb
mes5/i586/apache-mpm-peruser-2.2.9-12.14mdvmes5.2.i586.rpm
74ba90b3e16d7dc1bf44f28e83666086
mes5/i586/apache-mpm-prefork-2.2.9-12.14mdvmes5.2.i586.rpm
89059e7700f61272a5a1bed0a5aa9854
mes5/i586/apache-mpm-worker-2.2.9-12.14mdvmes5.2.i586.rpm
dceffe55d15d99932e04cf2b1f8f12c3
mes5/i586/apache-source-2.2.9-12.14mdvmes5.2.i586.rpm
1803c43f9aaa75ba96abb9b82b3f9cfd
mes5/SRPMS/apache-2.2.9-12.14mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
050aa909a942ddf054f913066552fbcc
mes5/x86_64/apache-base-2.2.9-12.14mdvmes5.2.x86_64.rpm
2d9fa3f4003f8577fc372493a216ff4a
mes5/x86_64/apache-devel-2.2.9-12.14mdvmes5.2.x86_64.rpm
68305995effc2bd9a1cc6c234da9ce88
mes5/x86_64/apache-htcacheclean-2.2.9-12.14mdvmes5.2.x86_64.rpm
895e327ff7b75ba1489904c7f50c9219
mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.14mdvmes5.2.x86_64.rpm
92f1a4e37e02079b707844c119f396cf
mes5/x86_64/apache-mod_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
61c1d304dd3fc85717d1fdc74c62402a
mes5/x86_64/apache-mod_dav-2.2.9-12.14mdvmes5.2.x86_64.rpm
b4f161ec2d9745ea40e6be83ec670ad4
mes5/x86_64/apache-mod_dbd-2.2.9-12.14mdvmes5.2.x86_64.rpm
b3dd2d1cd1d3a4236c022254e7f5dae5
mes5/x86_64/apache-mod_deflate-2.2.9-12.14mdvmes5.2.x86_64.rpm
6992b43e842ff1a77132c1667204a1f1
mes5/x86_64/apache-mod_disk_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
68885f5adf906884bfede7be9b98c0de
mes5/x86_64/apache-mod_file_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
38152f4ed136292e725f0cac2a836a23
mes5/x86_64/apache-mod_ldap-2.2.9-12.14mdvmes5.2.x86_64.rpm
d4e4ab43908f41d33106e069e85e19f0
mes5/x86_64/apache-mod_mem_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
4c54f275dd6dc1f4ef56c0fa26f1f262
mes5/x86_64/apache-mod_proxy-2.2.9-12.14mdvmes5.2.x86_64.rpm
ab35ab1aedb6b0fe30143af8ebb1c51b
mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.14mdvmes5.2.x86_64.rpm
86d6ca8156a2ec224dd2c8f064bfa685
mes5/x86_64/apache-mod_ssl-2.2.9-12.14mdvmes5.2.x86_64.rpm
f0771cbbcad7bbbbb230ba17b49a00ec
mes5/x86_64/apache-modules-2.2.9-12.14mdvmes5.2.x86_64.rpm
9d6ed0960614673c4085a2d9a90876b9
mes5/x86_64/apache-mod_userdir-2.2.9-12.14mdvmes5.2.x86_64.rpm
2dfc496e8aea977d133823ccbb72f754
mes5/x86_64/apache-mpm-event-2.2.9-12.14mdvmes5.2.x86_64.rpm
f1a306cc23d666161058585337e598e6
mes5/x86_64/apache-mpm-itk-2.2.9-12.14mdvmes5.2.x86_64.rpm
ede25d1a607e03b8e65b3ecb46fd7b2b
mes5/x86_64/apache-mpm-peruser-2.2.9-12.14mdvmes5.2.x86_64.rpm
67c5a299b3ed4c15341a54cbbc06a2bc
mes5/x86_64/apache-mpm-prefork-2.2.9-12.14mdvmes5.2.x86_64.rpm
abd16d61836ee16d267d3cf29c68bdbf
mes5/x86_64/apache-mpm-worker-2.2.9-12.14mdvmes5.2.x86_64.rpm
07dcbb776ca1b4261aa945b9daed5c3c
mes5/x86_64/apache-source-2.2.9-12.14mdvmes5.2.x86_64.rpm
1803c43f9aaa75ba96abb9b82b3f9cfd
mes5/SRPMS/apache-2.2.9-12.14mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOuoyXmqjQ0CJFipgRAnR9AKCyVUZGycLkHzYaojJWEYZEDJHEFgCfU3oa
SBbMFvjmZIC1PWkEhcd2oiU=
=HxW0
-----END PGP SIGNATURE-----