LinuxSecurity.com
Mandriva: 2011:168: apache
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:168
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache
 Date    : November 9, 2011
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in apache:
 
 The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21,
 when used with mod_proxy_balancer in certain configurations, allows
 remote attackers to cause a denial of service (temporary error state
 in the backend server) via a malformed HTTP request (CVE-2011-3348).
 
 The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory
 introduced regressions in the way httpd handled certain Range HTTP
 header values.
 
 The updated packages have been patched to correct these issues.
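
 An added triage example (not part of the Mandriva advisory or of Apache's code): CVE-2011-3348 concerns mod_proxy_ajp backends used behind mod_proxy_balancer, so this Python helper lists the balancers in an httpd configuration that have ajp:// members and the ProxyPass paths routed to them. The sample configuration, addresses and function names are constructed for illustration, and the helper does not decide whether a setup is one of the "certain configurations" the advisory refers to.

```python
import re

# Constructed sample httpd configuration, not taken from the advisory.
SAMPLE_CONF = """\
<Proxy balancer://appcluster>
    BalancerMember ajp://10.0.0.11:8009 route=node1
    BalancerMember ajp://10.0.0.12:8009 route=node2
</Proxy>
<Proxy balancer://static>
    BalancerMember http://10.0.0.21:8080
</Proxy>
# BalancerMember ajp://10.0.0.99:8009
BalancerMember balancer://legacy ajp://10.0.0.31:8009
ProxyPass /app balancer://appcluster/ stickysession=JSESSIONID
ProxyPass /img balancer://static/
"""

def _balancer_name(url):
    """Return the lower-cased name in a balancer:// URL, else None."""
    m = re.match(r'balancer://([^/\s>"]+)', url.strip('"'), re.I)
    return m.group(1).lower() if m else None

def ajp_balancers(conf_text):
    """Map balancer name -> {"members": [...], "paths": [...]} for every
    balancer that has at least one ajp:// BalancerMember."""
    found, mounts, current = {}, {}, None
    for raw in conf_text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        directive = tok[0].lower()
        if directive == "<proxy" and len(tok) > 1:
            current = _balancer_name(tok[1])      # None for non-balancer sections
        elif directive == "</proxy>":
            current = None
        elif directive == "balancermember":
            urls = [t.strip('"') for t in tok[1:] if "://" in t]
            name = current
            if urls and _balancer_name(urls[0]):  # "BalancerMember balancer://x url" form
                name, urls = _balancer_name(urls[0]), urls[1:]
            if name and urls and urls[0].lower().startswith("ajp://"):
                found.setdefault(name, {"members": [], "paths": []})
                found[name]["members"].append(urls[0])
        elif directive in ("proxypass", "proxypassmatch"):
            for t in tok[2:]:                     # tok[1] is the mounted path
                if _balancer_name(t):
                    mounts.setdefault(_balancer_name(t), []).append(tok[1])
    for name, info in found.items():
        info["paths"] = mounts.get(name, [])
    return found
```

 Hosts where ajp_balancers() returns a non-empty result on the live configuration are the ones to prioritise for the updated packages; ProxyPass lines without a leading path (inside a Location section) are not resolved by this helper.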
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
 https://issues.apache.org/bugzilla/show_bug.cgi?id=51878
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:

 Mandriva Linux 2010.1/X86_64:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 