Fedora Core 4 Update: mod_auth_pgsql-2.0.1-8.1 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: March 20th, 2010

Linux Security Week: March 16th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora Core 4 Update: mod_auth_pgsql-2.0.1-8.1

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. Red Hat would like to thank iDefense for reporting this issue.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-015
2006-01-06
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : mod_auth_pgsql
Version     : 2.0.1                      
Release     : 8.1                  
Summary     : Basic authentication for the Apache web server using a PostgreSQL database.
Description :
mod_auth_pgsql can be used to limit access to documents served by a web server
by checking fields in a table in a PostgresQL database.

---------------------------------------------------------------------
Update Information:

Several format string flaws were found in the way
mod_auth_pgsql logs information. It may be possible for a
remote attacker to execute arbitrary code as the 'apache'
user if mod_auth_pgsql is used for user authentication. The
Common Vulnerabilities and Exposures project assigned the
name CVE-2005-3656 to this issue.

Please note that this issue only affects servers which have
mod_auth_pgsql installed and configured to perform user
authentication against a PostgreSQL database.

Red Hat would like to thank iDefense for reporting this issue.
---------------------------------------------------------------------
* Fri Jan  6 2006 Joe Orton  2.0.1-8.1
- add security fix for CVE-2005-3656
- don't strip .so file so debuginfo works


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

d92214578ca55f9fe41d1ae02bf6d43e  SRPMS/mod_auth_pgsql-2.0.1-8.1.src.rpm
747cb8b5486624f9df1057fca3ee7e86  ppc/mod_auth_pgsql-2.0.1-8.1.ppc.rpm
7039f4f23f6a28fc27faa06ef83ea3a0  ppc/debug/mod_auth_pgsql-debuginfo-2.0.1-8.1.ppc.rpm
d5815a490b1ec2c2f59f9715253d5665  x86_64/mod_auth_pgsql-2.0.1-8.1.x86_64.rpm
4a1db6971295f3cc99b8641485577123  x86_64/debug/mod_auth_pgsql-debuginfo-2.0.1-8.1.x86_64.rpm
6ce00956921bda6ae3f5f6ed19bdde75  i386/mod_auth_pgsql-2.0.1-8.1.i386.rpm
4b265b8401bc3c5b56140b0bb65ce159  i386/debug/mod_auth_pgsql-debuginfo-2.0.1-8.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list