LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2013:015: apache Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities has been found and corrected in apache (ASF HTTPD): Various XSS (cross-site scripting vulnerability) flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:015
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache
 Date    : February 26, 2013
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in apache
 (ASF HTTPD):
 
 Various XSS (cross-site scripting vulnerability) flaws due to unescaped
 hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap,
 mod_ldap, and mod_proxy_ftp (CVE-2012-3499).
 
 XSS (cross-site scripting vulnerability) in mod_proxy_balancer manager
 interface (CVE-2012-4558).
 
 Additionally the ASF bug 53219 was resolved which provides a way
 to mitigate the CRIME attack vulnerability by disabling TLS-level
 compression. Use the new directive SSLCompression on|off to enable or
 disable TLS-level compression, by default SSLCompression is turned on.
 
 The updated packages have been upgraded to the latest 2.2.24 version
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
 http://httpd.apache.org/security/vulnerabilities_22.html
 http://www.apache.org/dist/httpd/CHANGES_2.2.24
 https://issues.apache.org/bugzilla/show_bug.cgi?id=53219
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 289c89be234a9162175b0294e16c591c  2011/i586/apache-base-2.2.24-0.1-mdv2011.0.i586.rpm
 5f8af3db34637d99db3a6bc848c01cac  2011/i586/apache-conf-2.2.24-0.1-mdv2011.0.i586.rpm
 991acd2fbed937e78acbc04cd3ddf2e7  2011/i586/apache-devel-2.2.24-0.1-mdv2011.0.i586.rpm
 a185aaa60a5f6ffa689bfdd30969129e  2011/i586/apache-doc-2.2.24-0.1-mdv2011.0.noarch.rpm
 a069735af2947a3bf3c62137a88ffeca  2011/i586/apache-htcacheclean-2.2.24-0.1-mdv2011.0.i586.rpm
 9dbd40a1889977c6e2de4192b3a49f04  2011/i586/apache-mod_authn_dbd-2.2.24-0.1-mdv2011.0.i586.rpm
 df089c2da852993c46071cf9f1d20ab2  2011/i586/apache-mod_cache-2.2.24-0.1-mdv2011.0.i586.rpm
 e1227b41c3aa254f9f882c439dbb60a8  2011/i586/apache-mod_dav-2.2.24-0.1-mdv2011.0.i586.rpm
 defb1c86a285c224b2a15880ad803040  2011/i586/apache-mod_dbd-2.2.24-0.1-mdv2011.0.i586.rpm
 c6202714af4799b5111615ae9a88e89d  2011/i586/apache-mod_deflate-2.2.24-0.1-mdv2011.0.i586.rpm
 dd7c2831321debb9687208aef93f7e78  2011/i586/apache-mod_disk_cache-2.2.24-0.1-mdv2011.0.i586.rpm
 4b9d9e4c68e41f06e237dc300b358dbc  2011/i586/apache-mod_file_cache-2.2.24-0.1-mdv2011.0.i586.rpm
 20e3419c7a05893eaebb216680abf364  2011/i586/apache-mod_ldap-2.2.24-0.1-mdv2011.0.i586.rpm
 af66de0cae0be6b615866a1a5bf87c94  2011/i586/apache-mod_mem_cache-2.2.24-0.1-mdv2011.0.i586.rpm
 4fff2e9db4b76b080c6b28a41191067e  2011/i586/apache-mod_proxy-2.2.24-0.1-mdv2011.0.i586.rpm
 0185029b460e360a89fe5b39631a1fff  2011/i586/apache-mod_proxy_ajp-2.2.24-0.1-mdv2011.0.i586.rpm
 8c9285340ee4392717266dc11653f806  2011/i586/apache-mod_proxy_scgi-2.2.24-0.1-mdv2011.0.i586.rpm
 a72f9c38ee460de6bc1dc44634225467  2011/i586/apache-mod_reqtimeout-2.2.24-0.1-mdv2011.0.i586.rpm
 9a1ce119bf75d10ec14d1dd3bb61e7f0  2011/i586/apache-mod_ssl-2.2.24-0.1-mdv2011.0.i586.rpm
 ba2613c1bc16fc1caff121744911467a  2011/i586/apache-mod_suexec-2.2.24-0.1-mdv2011.0.i586.rpm
 fe90da4a35bb6709dc3707ea3ef8f7b0  2011/i586/apache-modules-2.2.24-0.1-mdv2011.0.i586.rpm
 97e6288872ec47204673b474f505fc5b  2011/i586/apache-mod_userdir-2.2.24-0.1-mdv2011.0.i586.rpm
 4bfb7faf0754646ca77e6920eca7a994  2011/i586/apache-mpm-event-2.2.24-0.1-mdv2011.0.i586.rpm
 724b8fd1ef97242a50643c19ad5bea28  2011/i586/apache-mpm-itk-2.2.24-0.1-mdv2011.0.i586.rpm
 ecf0644523a56fa84fae17eb0eb7bdc1  2011/i586/apache-mpm-peruser-2.2.24-0.1-mdv2011.0.i586.rpm
 7ca86c4b6d18a8f7d2dbd36e6d6fedc9  2011/i586/apache-mpm-prefork-2.2.24-0.1-mdv2011.0.i586.rpm
 3e4f9253120b07eab512985583fe9b17  2011/i586/apache-mpm-worker-2.2.24-0.1-mdv2011.0.i586.rpm
 f9d6a24fc521f5efb6db1e2b48eaaa6a  2011/i586/apache-source-2.2.24-0.1-mdv2011.0.i586.rpm 
 60a51c26a9615f8fe5fd238e324fad53  2011/SRPMS/apache-2.2.24-0.1.src.rpm
 0f8670c68f91c0eac08191f7b4c59459  2011/SRPMS/apache-conf-2.2.24-0.1.src.rpm
 4561b162b6214482270a1c1f9f9bff45  2011/SRPMS/apache-mod_suexec-2.2.24-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 2bebc91d05e6f2e522899221351a68e0  2011/x86_64/apache-base-2.2.24-0.1-mdv2011.0.x86_64.rpm
 828297781615028d0112d392ed9e3009  2011/x86_64/apache-conf-2.2.24-0.1-mdv2011.0.x86_64.rpm
 ed77958d6201a8242214e05fe3b67425  2011/x86_64/apache-devel-2.2.24-0.1-mdv2011.0.x86_64.rpm
 3ead1940727ce086d97c334d6a41223b  2011/x86_64/apache-doc-2.2.24-0.1-mdv2011.0.noarch.rpm
 b83de49c32acb5334d479d6f07d3df30  2011/x86_64/apache-htcacheclean-2.2.24-0.1-mdv2011.0.x86_64.rpm
 b62eac92a967a099cc9b392c8df76db5  2011/x86_64/apache-mod_authn_dbd-2.2.24-0.1-mdv2011.0.x86_64.rpm
 67d4c4f45e88abfa322b3a3dcff8eff6  2011/x86_64/apache-mod_cache-2.2.24-0.1-mdv2011.0.x86_64.rpm
 f81cc5b0656aa6d6ed61a8f204bdba9e  2011/x86_64/apache-mod_dav-2.2.24-0.1-mdv2011.0.x86_64.rpm
 7f7a259d5793d9f0830da2ce42be9c68  2011/x86_64/apache-mod_dbd-2.2.24-0.1-mdv2011.0.x86_64.rpm
 b73243f05bedd112946467e2dd470349  2011/x86_64/apache-mod_deflate-2.2.24-0.1-mdv2011.0.x86_64.rpm
 757818100b90779f5636dc8a405b045f  2011/x86_64/apache-mod_disk_cache-2.2.24-0.1-mdv2011.0.x86_64.rpm
 95ab9bed5935a49661fed89d0bbde413  2011/x86_64/apache-mod_file_cache-2.2.24-0.1-mdv2011.0.x86_64.rpm
 361667caa3aff7861afafc7236abe511  2011/x86_64/apache-mod_ldap-2.2.24-0.1-mdv2011.0.x86_64.rpm
 8e4cc050ab8248857d98891b6a7cd663  2011/x86_64/apache-mod_mem_cache-2.2.24-0.1-mdv2011.0.x86_64.rpm
 e89d9282d5bcb90ae77f33578fb814cc  2011/x86_64/apache-mod_proxy-2.2.24-0.1-mdv2011.0.x86_64.rpm
 1d2478b41bec0bf4098258c1cfb54a4c  2011/x86_64/apache-mod_proxy_ajp-2.2.24-0.1-mdv2011.0.x86_64.rpm
 22526d7fa623427945524f346a4365e1  2011/x86_64/apache-mod_proxy_scgi-2.2.24-0.1-mdv2011.0.x86_64.rpm
 f58d3f49a90827f1e06a972891a35ce3  2011/x86_64/apache-mod_reqtimeout-2.2.24-0.1-mdv2011.0.x86_64.rpm
 764c5337a0afde50815ec4926324911f  2011/x86_64/apache-mod_ssl-2.2.24-0.1-mdv2011.0.x86_64.rpm
 615a698090d208e3af1fa0126edd4104  2011/x86_64/apache-mod_suexec-2.2.24-0.1-mdv2011.0.x86_64.rpm
 2b087b76a1d2457c2a3e0b1d82028a90  2011/x86_64/apache-modules-2.2.24-0.1-mdv2011.0.x86_64.rpm
 1b85512bbfeb4b1ac03c2e7b5019a7ad  2011/x86_64/apache-mod_userdir-2.2.24-0.1-mdv2011.0.x86_64.rpm
 2af96a1eb1a3e7c0d97b70c382e15105  2011/x86_64/apache-mpm-event-2.2.24-0.1-mdv2011.0.x86_64.rpm
 a4f2ef243034a6d8902822d19dc85475  2011/x86_64/apache-mpm-itk-2.2.24-0.1-mdv2011.0.x86_64.rpm
 141410f4cae45ddc07bc0664330aaf16  2011/x86_64/apache-mpm-peruser-2.2.24-0.1-mdv2011.0.x86_64.rpm
 92fbed1befec4c0f45b3c0c0f092be30  2011/x86_64/apache-mpm-prefork-2.2.24-0.1-mdv2011.0.x86_64.rpm
 72af42ba5a5594ce561d56d5c6d9a4e2  2011/x86_64/apache-mpm-worker-2.2.24-0.1-mdv2011.0.x86_64.rpm
 5013cde8136c71938c2e053ab5d70995  2011/x86_64/apache-source-2.2.24-0.1-mdv2011.0.x86_64.rpm 
 60a51c26a9615f8fe5fd238e324fad53  2011/SRPMS/apache-2.2.24-0.1.src.rpm
 0f8670c68f91c0eac08191f7b4c59459  2011/SRPMS/apache-conf-2.2.24-0.1.src.rpm
 4561b162b6214482270a1c1f9f9bff45  2011/SRPMS/apache-mod_suexec-2.2.24-0.1.src.rpm

 Mandriva Enterprise Server 5:
 6dd6edb0b5d97314ee4d4d81d50d6e4d  mes5/i586/apache-base-2.2.24-0.1mdvmes5.2.i586.rpm
 319fe02e7b972f21dd9ec29e0185f44f  mes5/i586/apache-conf-2.2.24-0.1mdvmes5.2.i586.rpm
 e8bd3eae8d128fd5e244045caf5ee6f5  mes5/i586/apache-devel-2.2.24-0.1mdvmes5.2.i586.rpm
 0b0832377327154aa4a98c51fb147919  mes5/i586/apache-doc-2.2.24-0.1mdvmes5.2.i586.rpm
 f8937aebec292a0e8f976048db096e71  mes5/i586/apache-htcacheclean-2.2.24-0.1mdvmes5.2.i586.rpm
 69373e51a9330ea5849de39ec400dbe3  mes5/i586/apache-mod_authn_dbd-2.2.24-0.1mdvmes5.2.i586.rpm
 43feca16e72b04e66ef6342a252b2bb7  mes5/i586/apache-mod_cache-2.2.24-0.1mdvmes5.2.i586.rpm
 af8313cba733be280e0b3e30c32be0c9  mes5/i586/apache-mod_dav-2.2.24-0.1mdvmes5.2.i586.rpm
 91fec82e5d3952f17a15b38f9ec03d68  mes5/i586/apache-mod_dbd-2.2.24-0.1mdvmes5.2.i586.rpm
 8bf734067c73d04cef99b6bf25f66bc9  mes5/i586/apache-mod_deflate-2.2.24-0.1mdvmes5.2.i586.rpm
 27ecd86d710980c332c6fbf6010c3092  mes5/i586/apache-mod_disk_cache-2.2.24-0.1mdvmes5.2.i586.rpm
 aa4985381121d8b627f98ac18f5f25d2  mes5/i586/apache-mod_file_cache-2.2.24-0.1mdvmes5.2.i586.rpm
 7f698e5ea494e573636580e974c5fc2f  mes5/i586/apache-mod_ldap-2.2.24-0.1mdvmes5.2.i586.rpm
 160134ad93e70eb964897fbbc1632fbc  mes5/i586/apache-mod_mem_cache-2.2.24-0.1mdvmes5.2.i586.rpm
 2fa5c492d5af50f867b20233c327ea05  mes5/i586/apache-mod_proxy-2.2.24-0.1mdvmes5.2.i586.rpm
 4185214fd00c80d9e4574168ceb14009  mes5/i586/apache-mod_proxy_ajp-2.2.24-0.1mdvmes5.2.i586.rpm
 81a50e40f0bf364b94fd9a6ccf8655c2  mes5/i586/apache-mod_proxy_scgi-2.2.24-0.1mdvmes5.2.i586.rpm
 ff5a337656b958c3241fc5a978b75b18  mes5/i586/apache-mod_reqtimeout-2.2.24-0.1mdvmes5.2.i586.rpm
 425b81046acc1e05024c8c67dc56796e  mes5/i586/apache-mod_ssl-2.2.24-0.1mdvmes5.2.i586.rpm
 27fb0fcb9cf681f1b235061fe85b73c1  mes5/i586/apache-mod_suexec-2.2.24-0.1mdvmes5.2.i586.rpm
 5e951c0c3d694bde145b5810893c5b5c  mes5/i586/apache-modules-2.2.24-0.1mdvmes5.2.i586.rpm
 9ae777a24be2d3518d130ddd58249e2c  mes5/i586/apache-mod_userdir-2.2.24-0.1mdvmes5.2.i586.rpm
 01c66caefbf0963fdc792368a83c34a6  mes5/i586/apache-mpm-event-2.2.24-0.1mdvmes5.2.i586.rpm
 a3da55a7a39e49a6628788db4150a8df  mes5/i586/apache-mpm-itk-2.2.24-0.1mdvmes5.2.i586.rpm
 8152d5a34bd829ba28b4e449df14a03f  mes5/i586/apache-mpm-peruser-2.2.24-0.1mdvmes5.2.i586.rpm
 ed3f4674858e134cbdf8db082ccff2ac  mes5/i586/apache-mpm-prefork-2.2.24-0.1mdvmes5.2.i586.rpm
 c0cd47361e5d8a979f71dd8e98ffbfe4  mes5/i586/apache-mpm-worker-2.2.24-0.1mdvmes5.2.i586.rpm
 b444e18873265bb6b7fbd3add66ff64a  mes5/i586/apache-source-2.2.24-0.1mdvmes5.2.i586.rpm 
 dbe3d441997f0e06d51c96c8981e834f  mes5/SRPMS/apache-2.2.24-0.1mdvmes5.2.src.rpm
 6f9c20607fff35b57811e8b566b688fc  mes5/SRPMS/apache-conf-2.2.24-0.1mdvmes5.2.src.rpm
 4ef70aa09145ec2b8f15ea2c21c5dea0  mes5/SRPMS/apache-mod_suexec-2.2.24-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 0e59782d03138d935b38f93653047abc  mes5/x86_64/apache-base-2.2.24-0.1mdvmes5.2.x86_64.rpm
 178694544c089940994cafb3358bd66c  mes5/x86_64/apache-conf-2.2.24-0.1mdvmes5.2.x86_64.rpm
 d8f21f8b075664de084ee5462d235b84  mes5/x86_64/apache-devel-2.2.24-0.1mdvmes5.2.x86_64.rpm
 a6c0072d3be0d0fd90f61dbd9872a950  mes5/x86_64/apache-doc-2.2.24-0.1mdvmes5.2.x86_64.rpm
 da165aea085b8500165d244e97f5ca58  mes5/x86_64/apache-htcacheclean-2.2.24-0.1mdvmes5.2.x86_64.rpm
 163714433a88eaf3140e297a0f7b049a  mes5/x86_64/apache-mod_authn_dbd-2.2.24-0.1mdvmes5.2.x86_64.rpm
 09e47dae25b0c2a5cc4ad59f21ebce3e  mes5/x86_64/apache-mod_cache-2.2.24-0.1mdvmes5.2.x86_64.rpm
 f9d3ee959228eb91bbf6dad0370e5368  mes5/x86_64/apache-mod_dav-2.2.24-0.1mdvmes5.2.x86_64.rpm
 ead999610ce5785ece13781d2f5b0d66  mes5/x86_64/apache-mod_dbd-2.2.24-0.1mdvmes5.2.x86_64.rpm
 bba1850efa371d493cd6a608fafadd34  mes5/x86_64/apache-mod_deflate-2.2.24-0.1mdvmes5.2.x86_64.rpm
 a67e8403f7acb225b50e9ae3b92d6d65  mes5/x86_64/apache-mod_disk_cache-2.2.24-0.1mdvmes5.2.x86_64.rpm
 20eddbde328e178d9a67bb57d275a4b4  mes5/x86_64/apache-mod_file_cache-2.2.24-0.1mdvmes5.2.x86_64.rpm
 ac154e173a5429742559237f2b0d014b  mes5/x86_64/apache-mod_ldap-2.2.24-0.1mdvmes5.2.x86_64.rpm
 596013759868c8e22739c058e2ea61f6  mes5/x86_64/apache-mod_mem_cache-2.2.24-0.1mdvmes5.2.x86_64.rpm
 f5742a3e437fdfdb85fa99128b4f7e8a  mes5/x86_64/apache-mod_proxy-2.2.24-0.1mdvmes5.2.x86_64.rpm
 fd502968872d2be5c018e0fbb9f97b1a  mes5/x86_64/apache-mod_proxy_ajp-2.2.24-0.1mdvmes5.2.x86_64.rpm
 7e905ce8177a1746ce3fd1ce40512470  mes5/x86_64/apache-mod_proxy_scgi-2.2.24-0.1mdvmes5.2.x86_64.rpm
 9518bdc5a4dbe14b16aa9228f404e33d  mes5/x86_64/apache-mod_reqtimeout-2.2.24-0.1mdvmes5.2.x86_64.rpm
 d1eec3970980c9dfde163fc2039213d9  mes5/x86_64/apache-mod_ssl-2.2.24-0.1mdvmes5.2.x86_64.rpm
 5fc3a8b10152d52db0c750d6da821ae7  mes5/x86_64/apache-mod_suexec-2.2.24-0.1mdvmes5.2.x86_64.rpm
 96b166e33189eb97b8c0353804e583d6  mes5/x86_64/apache-modules-2.2.24-0.1mdvmes5.2.x86_64.rpm
 1022717e5463c61a4200764d53b5f47c  mes5/x86_64/apache-mod_userdir-2.2.24-0.1mdvmes5.2.x86_64.rpm
 92bd2b1ee635ced3db4257bc53af5266  mes5/x86_64/apache-mpm-event-2.2.24-0.1mdvmes5.2.x86_64.rpm
 aa97fe2e7063357a1aaed568258b8818  mes5/x86_64/apache-mpm-itk-2.2.24-0.1mdvmes5.2.x86_64.rpm
 26197b7255a701aaf2c541b5cd779470  mes5/x86_64/apache-mpm-peruser-2.2.24-0.1mdvmes5.2.x86_64.rpm
 7d398eb4c6841172a934a1814c72035f  mes5/x86_64/apache-mpm-prefork-2.2.24-0.1mdvmes5.2.x86_64.rpm
 51bcd6b3b9bcb46a5ca74a54584499f4  mes5/x86_64/apache-mpm-worker-2.2.24-0.1mdvmes5.2.x86_64.rpm
 6aa22fdbc419e7a11a09176cb18dda75  mes5/x86_64/apache-source-2.2.24-0.1mdvmes5.2.x86_64.rpm 
 dbe3d441997f0e06d51c96c8981e834f  mes5/SRPMS/apache-2.2.24-0.1mdvmes5.2.src.rpm
 6f9c20607fff35b57811e8b566b688fc  mes5/SRPMS/apache-conf-2.2.24-0.1mdvmes5.2.src.rpm
 4ef70aa09145ec2b8f15ea2c21c5dea0  mes5/SRPMS/apache-mod_suexec-2.2.24-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.