LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 12th, 2014
Linux Security Week: December 9th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated apache2 packages fix vulnerability in worker MPM Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A memory leak in the worker MPM in Apache 2 could allow remote attackers to cause a Denial of Service (memory consumption) via aborted commands in certain circumstances, which prevents the memory for the transaction pool from being reused for other connections.

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:233
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : apache2
 Date    : December 19, 2005
 Affected: 10.1, 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A memory leak in the worker MPM in Apache 2 could allow remote
 attackers to cause a Denial of Service (memory consumption) via
 aborted commands in certain circumstances, which prevents the
 memory for the transaction pool from being reused for other
 connections.
 
 As well, this update addresses two bugs in the Mandriva 2006 Apache
 packges where apachectl was missing and also a segfault that occured
 when using the mod_ldap module.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2970
 http://qa.mandriva.com/show_bug.cgi?id=18764
 http://qa.mandriva.com/show_bug.cgi?id=20039
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 2bd9be4b3efe255f4db55fce501d15a8  10.1/RPMS/apache2-2.0.50-7.5.101mdk.i586.rpm
 cb9bdc9ef96ce17340128d43b2a00cf0  10.1/RPMS/apache2-common-2.0.50-7.5.101mdk.i586.rpm
 aa201695e4c76d17f9a533ad7809660d  10.1/RPMS/apache2-devel-2.0.50-7.5.101mdk.i586.rpm
 6e494c490870ed813cbf5b03092a0ed5  10.1/RPMS/apache2-manual-2.0.50-7.5.101mdk.i586.rpm
 af3f760be31e9cdcc606a359e0994260  10.1/RPMS/apache2-mod_cache-2.0.50-7.5.101mdk.i586.rpm
 6496ac5d42657d967a585dd5244a3138  10.1/RPMS/apache2-mod_dav-2.0.50-7.5.101mdk.i586.rpm
 f510bd2caadb07420720ac14aa9e7ba5  10.1/RPMS/apache2-mod_deflate-2.0.50-7.5.101mdk.i586.rpm
 51504aa311d28f43ae72d699d56cf2d0  10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.5.101mdk.i586.rpm
 7acd176a42ce0f5251e8b1f380fdfe63  10.1/RPMS/apache2-mod_file_cache-2.0.50-7.5.101mdk.i586.rpm
 b359fc952ebdc85f7aa8536a644821b9  10.1/RPMS/apache2-mod_ldap-2.0.50-7.5.101mdk.i586.rpm
 19b66959762b0b4f5a2ad27741e27d16  10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.5.101mdk.i586.rpm
 d12b0ef4e3c8a84d5eb11a7f07d14cca  10.1/RPMS/apache2-mod_proxy-2.0.50-7.5.101mdk.i586.rpm
 6705ee3928a58246748d84173c6fa4ce  10.1/RPMS/apache2-modules-2.0.50-7.5.101mdk.i586.rpm
 8db8adeabe3dd1f50ff6eb583e502c5f  10.1/RPMS/apache2-source-2.0.50-7.5.101mdk.i586.rpm
 00c648dff79ae63e37240c5445462a46  10.1/RPMS/apache2-worker-2.0.50-7.5.101mdk.i586.rpm
 14bbad2d7310bc36ba4a70eed392916f  10.1/SRPMS/apache2-2.0.50-7.5.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 1107fed88c85911bb749b6d579eb18a2  x86_64/10.1/RPMS/apache2-2.0.50-7.5.101mdk.x86_64.rpm
 5ff4eb580bb7de3c3ac39ef78cc549b0  x86_64/10.1/RPMS/apache2-common-2.0.50-7.5.101mdk.x86_64.rpm
 fcb64e228bb9dc32fae9c12c0cf82e0a  x86_64/10.1/RPMS/apache2-devel-2.0.50-7.5.101mdk.x86_64.rpm
 5ee31fe2edc48dfe481e6927656fdb73  x86_64/10.1/RPMS/apache2-manual-2.0.50-7.5.101mdk.x86_64.rpm
 efee4460197fdce90ceba72e97b0d429  x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.5.101mdk.x86_64.rpm
 217cd580c01d18e28923dbefbd8956d1  x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.5.101mdk.x86_64.rpm
 64c018efd41b3b9265ef73a9589551b8  x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.5.101mdk.x86_64.rpm
 e4bdf02a516b061b6f783d6be5ad6484  x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.5.101mdk.x86_64.rpm
 eb8843b6a5da24a283e56add50fe5ff6  x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.5.101mdk.x86_64.rpm
 a70b84f0f6e916eb3d72474fac8054c0  x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.5.101mdk.x86_64.rpm
 723fe53862f96148b00bb9eb49eac03f  x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.5.101mdk.x86_64.rpm
 bf6c31bd761c55ba63118aa0ed097430  x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.5.101mdk.x86_64.rpm
 302e2e4e747f543e70f240415a1dc249  x86_64/10.1/RPMS/apache2-modules-2.0.50-7.5.101mdk.x86_64.rpm
 cc67b2591839741292daceb69ceebeec  x86_64/10.1/RPMS/apache2-source-2.0.50-7.5.101mdk.x86_64.rpm
 8d19a5c232217dc9d37a8a6c7e54af58  x86_64/10.1/RPMS/apache2-worker-2.0.50-7.5.101mdk.x86_64.rpm
 14bbad2d7310bc36ba4a70eed392916f  x86_64/10.1/SRPMS/apache2-2.0.50-7.5.101mdk.src.rpm

 Mandriva Linux 10.2:
 7a717d4449621c80af6dee5d27930768  10.2/RPMS/apache2-2.0.53-9.3.102mdk.i586.rpm
 183860d6f66c54c83f1775b633740aae  10.2/RPMS/apache2-common-2.0.53-9.3.102mdk.i586.rpm
 f0a72c6c2149adc594509306e023ed5d  10.2/RPMS/apache2-devel-2.0.53-9.3.102mdk.i586.rpm
 a061470d1ed5a2138ecaff29c5c6886d  10.2/RPMS/apache2-manual-2.0.53-9.3.102mdk.i586.rpm
 bc74e9cc29cb7e23a1fe65bb0ed3920f  10.2/RPMS/apache2-mod_cache-2.0.53-9.3.102mdk.i586.rpm
 cd12164f2469ba93a5d2b12580fe649c  10.2/RPMS/apache2-mod_dav-2.0.53-9.3.102mdk.i586.rpm
 a60dd49e55ebe94555f32565daf7afd5  10.2/RPMS/apache2-mod_deflate-2.0.53-9.3.102mdk.i586.rpm
 a9879d4626cc9caff65b07a80eba98df  10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.3.102mdk.i586.rpm
 735d990fc88f84c0909cfad79a8bff81  10.2/RPMS/apache2-mod_file_cache-2.0.53-9.3.102mdk.i586.rpm
 f21bd7e0044a979f6fdda069a3b6d249  10.2/RPMS/apache2-mod_ldap-2.0.53-9.3.102mdk.i586.rpm
 17100953c39108c5e2fdd717424fc037  10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.3.102mdk.i586.rpm
 a13025b3c7c172f2ff6e7a5dd2c08b7e  10.2/RPMS/apache2-mod_proxy-2.0.53-9.3.102mdk.i586.rpm
 941683647c0c5fb7b4bc75bf31a21bd1  10.2/RPMS/apache2-modules-2.0.53-9.3.102mdk.i586.rpm
 2b27d3bc4b7a7f64f46ce188942a48e7  10.2/RPMS/apache2-peruser-2.0.53-9.3.102mdk.i586.rpm
 627a8f20409c88205cf986a06aabd619  10.2/RPMS/apache2-source-2.0.53-9.3.102mdk.i586.rpm
 040f062644ea9b4e3b1911c3a3c86bf1  10.2/RPMS/apache2-worker-2.0.53-9.3.102mdk.i586.rpm
 9394a8045e4b30ab718f12af30a6419c  10.2/SRPMS/apache2-2.0.53-9.3.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 8adf3cec1469b1438fc1bcc39617f44c  x86_64/10.2/RPMS/apache2-2.0.53-9.3.102mdk.x86_64.rpm
 5f76fa8d3861639458c81c69871c5f9b  x86_64/10.2/RPMS/apache2-common-2.0.53-9.3.102mdk.x86_64.rpm
 50a6a93d1253149ad9e806374b4504c3  x86_64/10.2/RPMS/apache2-devel-2.0.53-9.3.102mdk.x86_64.rpm
 c8cd7c7e195c437bccf42a9f258fdf8f  x86_64/10.2/RPMS/apache2-manual-2.0.53-9.3.102mdk.x86_64.rpm
 0823b168372f197fa6999a9e2d05de3f  x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.3.102mdk.x86_64.rpm
 05860b6902213d4d79176d04b63dd3be  x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.3.102mdk.x86_64.rpm
 24c72e1292c058019800339127e635e4  x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.3.102mdk.x86_64.rpm
 3045bf69ece21ca53190cdb406c666bf  x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.3.102mdk.x86_64.rpm
 6aa53566606b45d996eb1971beb3e99d  x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.3.102mdk.x86_64.rpm
 c3546e238ad287b54c48fe3511cbe2c9  x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.3.102mdk.x86_64.rpm
 65425eab43d9d73bbcb74415681131bf  x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.3.102mdk.x86_64.rpm
 83d77981adab93bcb0ac9dc7710411e9  x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.3.102mdk.x86_64.rpm
 fd9aeb855cf55bb3dad084d961a0b464  x86_64/10.2/RPMS/apache2-modules-2.0.53-9.3.102mdk.x86_64.rpm
 5d35f5d27d79cbcedf7364145934ab4c  x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.3.102mdk.x86_64.rpm
 616167bc2777e66515bb2ab97b2120e1  x86_64/10.2/RPMS/apache2-source-2.0.53-9.3.102mdk.x86_64.rpm
 0f0818c4e0aa253243bf4ed75bb262ee  x86_64/10.2/RPMS/apache2-worker-2.0.53-9.3.102mdk.x86_64.rpm
 9394a8045e4b30ab718f12af30a6419c  x86_64/10.2/SRPMS/apache2-2.0.53-9.3.102mdk.src.rpm

 Mandriva Linux 2006.0:
 8c2e56237762ca2b920a1a55d7420016  2006.0/RPMS/apache-base-2.0.54-13.1.20060mdk.i586.rpm
 1d9a5e33955305d489df97ab89ef52aa  2006.0/RPMS/apache-devel-2.0.54-13.1.20060mdk.i586.rpm
 8d9f566878a21e83c27ad01cc379f338  2006.0/RPMS/apache-mod_cache-2.0.54-13.1.20060mdk.i586.rpm
 1f94fcf8699c61a32d4398bf1eb276e1  2006.0/RPMS/apache-mod_dav-2.0.54-13.1.20060mdk.i586.rpm
 d4de68206b8d739a2c05a0b6128b9e31  2006.0/RPMS/apache-mod_deflate-2.0.54-13.1.20060mdk.i586.rpm
 35cbfea9284dcbdf80b3290b3ba9bdc1  2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.1.20060mdk.i586.rpm
 c2f06b3fc1ef1997ad07ae5ab250b8ec  2006.0/RPMS/apache-mod_file_cache-2.0.54-13.1.20060mdk.i586.rpm
 8adc73861339e6fce0cab039f3290f10  2006.0/RPMS/apache-mod_ldap-2.0.54-13.1.20060mdk.i586.rpm
 07674c7c5b7a8c47ec660715983b89f5  2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.1.20060mdk.i586.rpm
 179068c127a2cf35994db139effd5aff  2006.0/RPMS/apache-mod_proxy-2.0.54-13.1.20060mdk.i586.rpm
 3f93fa86ad996d390c3f71335f62e2f2  2006.0/RPMS/apache-modules-2.0.54-13.1.20060mdk.i586.rpm
 743f286293b9dcd07882daebd03b5df5  2006.0/RPMS/apache-mod_userdir-2.0.54-13.1.20060mdk.i586.rpm
 efcd010c193e3f60582a2ae63afd95ef  2006.0/RPMS/apache-mpm-peruser-2.0.54-13.1.20060mdk.i586.rpm
 bfb03e006eedc7b1e0910f9807ce7392  2006.0/RPMS/apache-mpm-prefork-2.0.54-13.1.20060mdk.i586.rpm
 ca840aa1b0f0f347ed30536b45eb34a9  2006.0/RPMS/apache-mpm-worker-2.0.54-13.1.20060mdk.i586.rpm
 63f8c448522bc1c0ae892bb02eecbb7e  2006.0/RPMS/apache-source-2.0.54-13.1.20060mdk.i586.rpm
 b74ea800182ad60fd8f8ae092d7b3964  2006.0/SRPMS/apache-2.0.54-13.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 17ee0266edad70b1539a76cc54b427bf  x86_64/2006.0/RPMS/apache-base-2.0.54-13.1.20060mdk.x86_64.rpm
 1137d500824c067c57599a8f3fbeebb1  x86_64/2006.0/RPMS/apache-devel-2.0.54-13.1.20060mdk.x86_64.rpm
 adf8be47f522c8b1dc54ac65dc5093db  x86_64/2006.0/RPMS/apache-mod_cache-2.0.54-13.1.20060mdk.x86_64.rpm
 40abf9129488584b3f5a8ef640c24e25  x86_64/2006.0/RPMS/apache-mod_dav-2.0.54-13.1.20060mdk.x86_64.rpm
 76e319bbd6ee24e26e7e6ff6c320a117  x86_64/2006.0/RPMS/apache-mod_deflate-2.0.54-13.1.20060mdk.x86_64.rpm
 3883e6d6e7eb1a5d2b78fde6cc518e77  x86_64/2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.1.20060mdk.x86_64.rpm
 6fb0017dd601263cccc1fbba206fff1e  x86_64/2006.0/RPMS/apache-mod_file_cache-2.0.54-13.1.20060mdk.x86_64.rpm
 88896435cd517befcd3bdf204bf252cc  x86_64/2006.0/RPMS/apache-mod_ldap-2.0.54-13.1.20060mdk.x86_64.rpm
 20103975292445f4ee9f5447541fa7d4  x86_64/2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.1.20060mdk.x86_64.rpm
 1f666354f9d874b86d2c221214acb456  x86_64/2006.0/RPMS/apache-mod_proxy-2.0.54-13.1.20060mdk.x86_64.rpm
 b14f7af9d81118e2b04d3ad7e02b28f9  x86_64/2006.0/RPMS/apache-modules-2.0.54-13.1.20060mdk.x86_64.rpm
 ff61d6d64a8b636df70484c157e25157  x86_64/2006.0/RPMS/apache-mod_userdir-2.0.54-13.1.20060mdk.x86_64.rpm
 3f7eab0128ecf4b9f6235549435ee786  x86_64/2006.0/RPMS/apache-mpm-peruser-2.0.54-13.1.20060mdk.x86_64.rpm
 bf107b37c81711c4b1d76d6fe3a33d4e  x86_64/2006.0/RPMS/apache-mpm-prefork-2.0.54-13.1.20060mdk.x86_64.rpm
 907f4bacd887c4c7da3d61f8b0bd5307  x86_64/2006.0/RPMS/apache-mpm-worker-2.0.54-13.1.20060mdk.x86_64.rpm
 0d1916804450c4d0e4bdfb72eaee2662  x86_64/2006.0/RPMS/apache-source-2.0.54-13.1.20060mdk.x86_64.rpm
 b74ea800182ad60fd8f8ae092d7b3964  x86_64/2006.0/SRPMS/apache-2.0.54-13.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
University of California, Berkeley Hacked, Data Compromised
London teen pleads guilty to Spamhaus DDoS
New England security group shares threat intelligence, strives to bolster region
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.