LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 12th, 2014
Linux Security Week: December 9th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated apache2 packages fix vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross- site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352). Also, a NULL pointer dereference flaw was found in mod_ssl that affects server configurations where an SSL virtual host was configured with access controls and a custom 400 error document. This could allow a remote attacker to send a carefully crafted request to trigger the issue and cause a crash, but only with the non-default worker MPM (CVE-2005-3357). The provided packages have been patched to prevent these problems.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:007
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : apache2
 Date    : January 5, 2006
 Affected: 10.1, 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw was discovered in mod_imap when using the Referer directive with
 image maps that could be used by a remote attacker to perform a cross-
 site scripting attack, in certain site configurations, if a victim
 could be forced to visit a malicious URL using certain web browsers
 (CVE-2005-3352).
 
 Also, a NULL pointer dereference flaw was found in mod_ssl that affects
 server configurations where an SSL virtual host was configured with
 access controls and a custom 400 error document.  This could allow a
 remote attacker to send a carefully crafted request to trigger the
 issue and cause a crash, but only with the non-default worker MPM
 (CVE-2005-3357).
 
 The provided packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 99d7e03e08f46bb8d2c6246cccc7f03a  10.1/RPMS/apache2-2.0.50-7.6.101mdk.i586.rpm
 7338a879c51aad4c89484443c2b806ce  10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.i586.rpm
 e016511ca52a8afe34438d8262207768  10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.i586.rpm
 bdebdafd3768e26c0d58ad1fc6cae9ff  10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.i586.rpm
 b9f4c1a36d9e89f41de503b0f8428719  10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.i586.rpm
 7b6411056d388050ef4c98d3c1de3e24  10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.i586.rpm
 fd87e01a054073ab1a1ef9de5bb3ac54  10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.i586.rpm
 ecf73bf07822403bbae9c453adad28b3  10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.i586.rpm
 7174d7461248d61ae8294406937482f3  10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.i586.rpm
 daa7a98f93d00a64bb0a7a52324471cd  10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.i586.rpm
 68ee307aedbe6af498d87fe112f835dc  10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.i586.rpm
 610525fcf03a696c50192991d0a28c9b  10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.i586.rpm
 5a2d76582859bc52306c6f22725f2ab7  10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.i586.rpm
 1749b95a9ad45825cb085f82144794df  10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.i586.rpm
 55a3abf1039dfb0c4d547685b3605fd4  10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.i586.rpm
 e7e0c2080af16bc3215ff67a841f6323  10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.i586.rpm
 50bb5f9723f0146fe82d312f7fbeb2cf  10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
 21c1f068fe82b86e3396b37f7ec96782  10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 43085852f7b6e5a55e4220cbd6493b74  x86_64/10.1/RPMS/apache2-2.0.50-7.6.101mdk.x86_64.rpm
 2715904b29d6433d25f6ea35715d5484  x86_64/10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.x86_64.rpm
 71828de67a3c26f4061eeebef8e6de2b  x86_64/10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.x86_64.rpm
 d37b18f9791c65466e5fafdf0287720e  x86_64/10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.x86_64.rpm
 088b8334c6efef6f17a1602be41b6045  x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.x86_64.rpm
 9326eca120d7ac3e71337bad1f85fef0  x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.x86_64.rpm
 36818cef250fc94d074f0fc0f2c6d8c7  x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.x86_64.rpm
 63d37c81fe0b48ccd91d79e4c90dd5ec  x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.x86_64.rpm
 f7daa039d6878f063ca97468d9328fa8  x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.x86_64.rpm
 13e394bc675d106270fe8fca27f7acbd  x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.x86_64.rpm
 8b1fd1bd22e33a25be158b7e152aba60  x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.x86_64.rpm
 f88328582773c7129bf2a341d9cb88db  x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.x86_64.rpm
 62170db76a317250d37884dfd07e3f1c  x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.x86_64.rpm
 eeedff56c6e4f15df683f9c98f0c7e8c  x86_64/10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.x86_64.rpm
 aedf2f9b3ab9b65889546ce8dddb7930  x86_64/10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.x86_64.rpm
 99a1557b76f495547ada02c17044b472  x86_64/10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.x86_64.rpm
 50bb5f9723f0146fe82d312f7fbeb2cf  x86_64/10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
 21c1f068fe82b86e3396b37f7ec96782  x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm

 Mandriva Linux 10.2:
 a333c0076408d381172729a3931b17a3  10.2/RPMS/apache2-2.0.53-9.4.102mdk.i586.rpm
 7e566b7644bfe3bbb1303f0e37cb628f  10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.i586.rpm
 ccd22632bbf16a56a84da384b5305129  10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.i586.rpm
 70a1d15adde5528d7b0f665a3ff417fa  10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.i586.rpm
 493f14509e35e304ddac110c3cddf35e  10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.i586.rpm
 794dddbfe413f7164404a2796c563af6  10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.i586.rpm
 9e99b957feb9c25266783d73a6cead4e  10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.i586.rpm
 bbea1ff737de001b9e8824ade6464c66  10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.i586.rpm
 df8f7bc21c3c093004af7d6e64d83353  10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.i586.rpm
 e206646de8e097a4ddc077592eec6ac2  10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.i586.rpm
 264d47c6eaae58b7b919926571f0813b  10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.i586.rpm
 5bbdc04926add1d2e0ee25cd84b08416  10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.i586.rpm
 9812f26d7fc8a7f78fadb5d8d2e4dc76  10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.i586.rpm
 c944feb9397c469b029a047aca7fe907  10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.i586.rpm
 dc00d356dad2e8859e526b10435376e8  10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.i586.rpm
 364990940ed6e5c3db23fc8fc1cb88e1  10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.i586.rpm
 ed7da603004ed00a9c31c7b2e5740de8  10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.i586.rpm
 c27d53f234ab8c96a69c9c275c6f1f0a  10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
 2c26a3a648da8cfd2e4bde1c9bc750f0  10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 0fcbb0c7eb9cef2036620ed5c11fbf6f  x86_64/10.2/RPMS/apache2-2.0.53-9.4.102mdk.x86_64.rpm
 3d102f0fa1141027d29630ea6411ce5a  x86_64/10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.x86_64.rpm
 ccaa8d4880ea65e7719eee95aa7b90c9  x86_64/10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.x86_64.rpm
 fafc80a0e194e93bd953dcdee0720818  x86_64/10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.x86_64.rpm
 26687c7bfe86b91b42dc07613df73fee  x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.x86_64.rpm
 077b06db86a6ab2196438b15aaa31759  x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.x86_64.rpm
 ae41f94f76bff884bd2486de55458baf  x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.x86_64.rpm
 6a8189940aa47a10818d9bd719fcc692  x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.x86_64.rpm
 6621cd9d22659033024dcdb02c7e52ba  x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.x86_64.rpm
 1fb8e1694f110fd3d1c6dccf876bf41c  x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.x86_64.rpm
 91d3a68b8b932631b29476a7a146abfe  x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.x86_64.rpm
 adb92885445936c836bc7f13361a90a5  x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.x86_64.rpm
 15e330d09dacde2f4fe20416bc7ecff4  x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.x86_64.rpm
 ee60914821883fdbca75ec50b9536929  x86_64/10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.x86_64.rpm
 67ef23ffa11a16c85677d00f92bfec5e  x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.x86_64.rpm
 b0a16af065114c3a0331c7e3e992153a  x86_64/10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.x86_64.rpm
 aa7123321a5aef41c57d9669fa600909  x86_64/10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.x86_64.rpm
 c27d53f234ab8c96a69c9c275c6f1f0a  x86_64/10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
 2c26a3a648da8cfd2e4bde1c9bc750f0  x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm

 Mandriva Linux 2006.0:
 698cc58241479ed3420b7ea05e004caf  2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.i586.rpm
 50b24b5c0b57d8855b12b1df63907a55  2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.i586.rpm
 d45773a5afbd7e95b8fbf4a5742d7421  2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.i586.rpm
 1ed0c6065f7ff959fff70886994db98c  2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.i586.rpm
 11cdcc4a223fdd3d451c17394a4ab19f  2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.i586.rpm
 77554cf3457a32465a9977b51f0f8089  2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.i586.rpm
 d39cefb6075e3de9c459aa97774cd1c0  2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.i586.rpm
 46246bc1f89e93a8cd317079052cad8b  2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.i586.rpm
 6059a50db5752ade252619303d179ac9  2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.i586.rpm
 52eb38740e1753591a2efe1f165c9a52  2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.i586.rpm
 c58f95e19b34e5fffaacec10e999c614  2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.i586.rpm
 08d836daa888cd101f00c562931d1d96  2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.i586.rpm
 fcbf7783e8a0959b78308bc0fcb28c66  2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.i586.rpm
 44577d0be1ea6dd781310dc6d82b8357  2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.i586.rpm
 2c7c4b9e077fa21d3be5379feb4a1bf5  2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.i586.rpm
 b5194b3fdc57e710f671695a003d7a86  2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.i586.rpm
 c15e6970096ec90359fb5f950838c361  2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.i586.rpm
 f55dcf60da3a4e0bc6a9c7c22f153e32  2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
 377a0a4c5813cca0cfd1ec6c1be57964  2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 19f2682c0c8ea82d5d053057ebbea331  x86_64/2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.x86_64.rpm
 3b74fc5aef89568e65f512a52056d98c  x86_64/2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.x86_64.rpm
 0573fef90fc16c5507371b57b78b8163  x86_64/2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.x86_64.rpm
 2322bbe1b74c5ff49d54cc68839e86ce  x86_64/2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.x86_64.rpm
 e318276c19d2d08fafe6f838b459f214  x86_64/2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.x86_64.rpm
 109e024c0fc738fd04336f9fe640a704  x86_64/2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.x86_64.rpm
 bec4ad366bf9a556387f36bd4586ee1f  x86_64/2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.x86_64.rpm
 aa3de6fb4e051150b8c7afee465ac079  x86_64/2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.x86_64.rpm
 7ee80c338ffee9b2e4bcf942a5b4684a  x86_64/2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.x86_64.rpm
 65da37880faf3811a35ba596fab84245  x86_64/2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.x86_64.rpm
 17be071c0d39a17f0f6d4c9ddf051c42  x86_64/2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.x86_64.rpm
 b913963f3ffafce4ddf9d87187f5ccf8  x86_64/2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.x86_64.rpm
 faf591ab4124eedd3b7121595035087a  x86_64/2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.x86_64.rpm
 533dff0067505fc71673a112719a3891  x86_64/2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.x86_64.rpm
 3ea58408fb222e88d7b819967ec5ecf7  x86_64/2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.x86_64.rpm
 e2dbb1c9a18e5766a08adc3ddb4f1fb6  x86_64/2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.x86_64.rpm
 aa027a7ca0870145495edc79c9e3f7cb  x86_64/2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.x86_64.rpm
 f55dcf60da3a4e0bc6a9c7c22f153e32  x86_64/2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
 377a0a4c5813cca0cfd1ec6c1be57964  x86_64/2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
The Difference Between Wi-Fi Security Protocols: WPA2-AES vs WPA2-TKIP
Segmenting for security: Five steps to protect your network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.