Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:194 ] apache2

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1221342039-11275-9193

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:194

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : apache2

Date : September 13, 2008

Affected: Corporate 3.0, Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

A cross-site scripting vulnerability was found in the mod_proxy_ftp

module in Apache that allowed remote attackers to inject arbitrary

web script or HTML via wildcards in a pathname in an FTP URI

(CVE-2008-2939).

 

The updated packages have been patched to prevent these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

_______________________________________________________________________

 

Updated Packages:

 

Corporate 3.0:

cb99d8d30c755c2263624e64a238c97b corporate/3.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm

0a6626ff589e99899aea1cb6ba2bb568 corporate/3.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm

e1a2c5e55038bb1aacf3cef6bbb8fab0 corporate/3.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm

b2d0e0bc451473385825fc2388026ae4 corporate/3.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm

d78741b6fcab8f07976960b105e02bfe corporate/3.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm

290b0f2bca9765f895cdb3a876b122eb corporate/3.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm

62565a3e6a93e65aad4d51806a457ed0 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm

e33734d21a417e096b80134a228a8907 corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm

14841928e53e8f2133d26707f073cf5a corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm

695859dc62af2282917471ba5564efd5 corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm

8e0f0388b7e995a622b0b1c055d20167 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm

f798de71bbc16988699156be21fb22cc corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm

90d80910a1dad80b21f76234983c4648 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm

b294270cd780a9908db877daeaab7fd0 corporate/3.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm

16f0e826993f524fb0e14744513cd6bd corporate/3.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm

7d2e73a5d629b9c8ca467303dc35c041 corporate/3.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm

0e474bcf2388dfa4e9b8eec44af8613a corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

839d73dc124b3effbc26badb04390bd5 corporate/3.0/x86_64/apache2-2.0.48-6.18.C30mdk.x86_64.rpm

b68fc8aad0b43452f922833f0195b080 corporate/3.0/x86_64/apache2-common-2.0.48-6.18.C30mdk.x86_64.rpm

74a1af859a3251b4c3a2922367516c1f corporate/3.0/x86_64/apache2-devel-2.0.48-6.18.C30mdk.x86_64.rpm

4e15a214cfc255906f417af5d51f269a corporate/3.0/x86_64/apache2-manual-2.0.48-6.18.C30mdk.x86_64.rpm

0fe9472b70e6dd39fc737f88d887fe00 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.18.C30mdk.x86_64.rpm

24517b150a1de83c3b83166a1956c7ab corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.18.C30mdk.x86_64.rpm

a6e7688aa8659163a7931a85fc431cdf corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.18.C30mdk.x86_64.rpm

85bd4c5ecce52d0de6a36dd8614c4f26 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.x86_64.rpm

b642855a2edf425463a70cfc5c529114 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.18.C30mdk.x86_64.rpm

5efb348be022e755dc3b96c35e918b7d corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.18.C30mdk.x86_64.rpm

def1cb6a2ee3f4341dd39fd1d007f882 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.x86_64.rpm

fcfd2805b8db60cb457b3c895777a916 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.18.C30mdk.x86_64.rpm

073d91c0d9777658e962014440701ef6 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.18.C30mdk.x86_64.rpm

ee0bf865aee32c3b1f8eff7d0096e475 corporate/3.0/x86_64/apache2-modules-2.0.48-6.18.C30mdk.x86_64.rpm

6733a938a7d2db502fc06db65743ddc3 corporate/3.0/x86_64/apache2-source-2.0.48-6.18.C30mdk.x86_64.rpm

2b7d2fb2c34fefafff86bde620eca69d corporate/3.0/x86_64/lib64apr0-2.0.48-6.18.C30mdk.x86_64.rpm

0e474bcf2388dfa4e9b8eec44af8613a corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm

 

Multi Network Firewall 2.0:

0767fe397bd9e35301bbb89c38f670ce mnf/2.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm

738b0e7514d1e69cc01bc4ebfc191b6f mnf/2.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm

ddff71afd9d60987ec952f411c017a3a mnf/2.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm

2d22c245ef43e13e7fdc62e91a43dc6c mnf/2.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm

0d2484f67a8524c40ce8c747bf5902db mnf/2.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm

c355dabc05d922129aa7af76fc6fa350 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm

624a8f0e66f8536c31d1dda8e48bc790 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm

8e8e3da47f17ead30794a37b64e0018a mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm

66c58438edb5928ce3cddcab4f870fdd mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm

1c3738bd489905b7e9cea22af4693ab9 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm

7d49a07cfa1f06297e64fd60e640c3af mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm

4d4123c3751e6ad0a87b9a7e4683b34e mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm

740418f2f1a03bb5588603a2fb3f72db mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm

33cd3e8bdab33eeb9a8bc1d5dcf87831 mnf/2.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm

adad509aeb921896619eff3208e62ca8 mnf/2.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm

a9703ad89a3b53677ccc2c4f90aae9bf mnf/2.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm

3e93f31336660bfc08664cb01436559d mnf/2.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFIzAh9mqjQ0CJFipgRAvjBAJ9W89EjJMDlaapWkHsLCSFdT2NMJwCfV5u+

5FopksLe1/tYWDe+lrD0sPY=

=SZ7O

-----END PGP SIGNATURE-----

 

 

------------=_1221342039-11275-9193

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1221342039-11275-9193--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×