Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:237 ] apache2

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1228428613-14940-5156

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:237

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : apache2

Date : December 4, 2008

Affected: Corporate 3.0, Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability was discovered in the mod_proxy module in Apache where

it did not limit the number of forwarded interim responses, allowing

remote HTTP servers to cause a denial of service (memory consumption)

via a large number of interim responses (CVE-2008-2364).

 

This update also provides HTTP/1.1 compliance fixes.

 

The updated packages have been patched to prevent this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364

_______________________________________________________________________

 

Updated Packages:

 

Corporate 3.0:

532973a116bcdf63ed72042b819b59cc corporate/3.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm

e2913623f1876d02e426bbca997f3435 corporate/3.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm

2e583f46edd8e83d8071e1912fbcced6 corporate/3.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm

83b6d9adea62a2c186f2acfb7372a8f0 corporate/3.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm

f797d9dd78f6a75328f3156f4d97de54 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm

1e13b9cf9ed69f69f1700d89e7b0a625 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm

eeacd8fa60a510fe23a949303aefa934 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm

12978be0a831fb2164e8663e0aa96c16 corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm

ff7133c4d2f3a18d5ca86398b6a3b482 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm

de43091c378ef1b0a465f409d4198c7d corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm

2a884bf3c648fe6e45bd1858e7ac8fca corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm

435c1058b34b3e5603e8502315d3f1be corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm

5a54d1929057b311ab83863fcfc6785b corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm

37bb90e385c1571579d604120cd1c1d4 corporate/3.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm

377a8d1250fb1276e0c52fe89b63775a corporate/3.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm

2c6db35de4997018b043181957072182 corporate/3.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm

30da5c4069b7b8ea5b3bb13734ca0058 corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

43cb9996c4ad55ead2a2bba2a618b939 corporate/3.0/x86_64/apache2-2.0.48-6.19.C30mdk.x86_64.rpm

898f1420c5fe218c748281c238da9d00 corporate/3.0/x86_64/apache2-common-2.0.48-6.19.C30mdk.x86_64.rpm

b7ca472734ea5776cfecf1dd2315f71d corporate/3.0/x86_64/apache2-devel-2.0.48-6.19.C30mdk.x86_64.rpm

8ebd24059163cd8f8e22eb0203682e41 corporate/3.0/x86_64/apache2-manual-2.0.48-6.19.C30mdk.x86_64.rpm

ac6f64c5aabbf463be38023dfb2e30e0 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.19.C30mdk.x86_64.rpm

2e66000edd688d563645ecf526724899 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.19.C30mdk.x86_64.rpm

d82ba16ad19ebfbb412f033537fe7dfb corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.19.C30mdk.x86_64.rpm

e83174382435df2220f7563545543342 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.x86_64.rpm

af5d024a4cff0c216d0c02dcbe08ab83 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.19.C30mdk.x86_64.rpm

b6a74826d456381f9c3807d7cdaef8ff corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.19.C30mdk.x86_64.rpm

3e0c99c91a186db1650ab277fb266ddf corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.x86_64.rpm

5bcf1224653b851df20d07d6fbb248b6 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.19.C30mdk.x86_64.rpm

c07af351ea84b7d8a0b0de879c9aad2e corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.19.C30mdk.x86_64.rpm

fa40774c92468aa0080979674ff473c5 corporate/3.0/x86_64/apache2-modules-2.0.48-6.19.C30mdk.x86_64.rpm

a387e498b01b876ee31066aa3a73970a corporate/3.0/x86_64/apache2-source-2.0.48-6.19.C30mdk.x86_64.rpm

659d44dc9615de5b556d35425d628bf7 corporate/3.0/x86_64/lib64apr0-2.0.48-6.19.C30mdk.x86_64.rpm

30da5c4069b7b8ea5b3bb13734ca0058 corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm

 

Multi Network Firewall 2.0:

93eef0301be074129e8c8f67381c09ad mnf/2.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm

0dd927e4efb8dc43f2168227d22c1407 mnf/2.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm

366c8a236e33babca8447b3c3f926c83 mnf/2.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm

73490cae06d07885512ff28fb24c1d6c mnf/2.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm

8bf01fed207bf8ae9c265be3d3f0e0f5 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm

b06f622b9c96bfa10cdc4d2067e5826f mnf/2.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm

c5600da4764bcb84733c16034871ced1 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm

cccdb0578c7443e46154a8f64b78a86b mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm

67fb4bcf03bef82c78fb42ec3de85b55 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm

20cb9f0132cd5181f6cff7699373d488 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm

1f0f71765b82dd9086c99a2ec98ce458 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm

26d8d7db3f8a8ed9dd22add69cc908cd mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm

538e1d3b6eab0b6770de516d9c6e59e4 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm

82674d6c664adb4e9a8539703ee113d7 mnf/2.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm

d1dc24f4698a7cef16c292ba19302ca1 mnf/2.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm

b83a8c4eda842c3e358d16d22febbe80 mnf/2.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm

5ff603859246c39086f9b6ad300f97c6 mnf/2.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJOCuNmqjQ0CJFipgRAt+pAKDO9fruRTCR1580NTYdYmnky057aACdFVGo

NmJlapeQ2vPQcDIjsktx95s=

=5zLR

-----END PGP SIGNATURE-----

 

 

------------=_1228428613-14940-5156

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1228428613-14940-5156--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×