LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2013:174: apache Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities has been found and corrected in apache: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:174
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : apache
 Date    : June 14, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in apache:
 
 mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server
 2.2.x before 2.2.25 writes data to a log file without sanitizing
 non-printable characters, which might allow remote attackers to execute
 arbitrary commands via an HTTP request containing an escape sequence
 for a terminal emulator (CVE-2013-1862).
 
 A buffer overflow when reading digest password file with very long
 lines in htdigest was discovered (PR 54893).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
 https://bugzilla.redhat.com/show_bug.cgi?id=953729
 https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 0a8d5cf64c41a4e12a30f67eb8065117  mes5/i586/apache-base-2.2.24-0.2mdvmes5.2.i586.rpm
 d33ed3e074ec7c8f3463effded777228  mes5/i586/apache-devel-2.2.24-0.2mdvmes5.2.i586.rpm
 9792fe8498d9e71a39e4b5ccf704163d  mes5/i586/apache-doc-2.2.24-0.2mdvmes5.2.i586.rpm
 bdb640f694a58f5d64825506a56723bd  mes5/i586/apache-htcacheclean-2.2.24-0.2mdvmes5.2.i586.rpm
 9d22370a9132ce43a91d19412c7d5802  mes5/i586/apache-mod_authn_dbd-2.2.24-0.2mdvmes5.2.i586.rpm
 0dd9bd4a4a6d38a3268d7a179d8841bb  mes5/i586/apache-mod_cache-2.2.24-0.2mdvmes5.2.i586.rpm
 694d46859c23fd52270be6ba1757b630  mes5/i586/apache-mod_dav-2.2.24-0.2mdvmes5.2.i586.rpm
 249a736db45d03f089ccdda3ae121330  mes5/i586/apache-mod_dbd-2.2.24-0.2mdvmes5.2.i586.rpm
 38b67619272b4d8e61b8e8ff14e326f5  mes5/i586/apache-mod_deflate-2.2.24-0.2mdvmes5.2.i586.rpm
 7f228d030849af78a59ff53e6a07a142  mes5/i586/apache-mod_disk_cache-2.2.24-0.2mdvmes5.2.i586.rpm
 1d74a46313851698bc52f99be5239223  mes5/i586/apache-mod_file_cache-2.2.24-0.2mdvmes5.2.i586.rpm
 188eb4b82459928d64703ab09eefa49c  mes5/i586/apache-mod_ldap-2.2.24-0.2mdvmes5.2.i586.rpm
 708fefd12aeb979117afc60308c9be3c  mes5/i586/apache-mod_mem_cache-2.2.24-0.2mdvmes5.2.i586.rpm
 471ac83063e00b06d9061490f3a10dc8  mes5/i586/apache-mod_proxy-2.2.24-0.2mdvmes5.2.i586.rpm
 19c14db70e9aa08ab351515ec25b4006  mes5/i586/apache-mod_proxy_ajp-2.2.24-0.2mdvmes5.2.i586.rpm
 50a11fa802e8683a62f6116b854d6331  mes5/i586/apache-mod_proxy_scgi-2.2.24-0.2mdvmes5.2.i586.rpm
 b0086b24dfbbfde6374a00a03a1353b6  mes5/i586/apache-mod_reqtimeout-2.2.24-0.2mdvmes5.2.i586.rpm
 5093914b74ea63d9df30948210d429b9  mes5/i586/apache-mod_ssl-2.2.24-0.2mdvmes5.2.i586.rpm
 3d555523507643819ebc8465a9a026ca  mes5/i586/apache-modules-2.2.24-0.2mdvmes5.2.i586.rpm
 b653a7805441bcf72c3d1dee803e594a  mes5/i586/apache-mod_userdir-2.2.24-0.2mdvmes5.2.i586.rpm
 9833e171f731532791c33d1e62ebd3b6  mes5/i586/apache-mpm-event-2.2.24-0.2mdvmes5.2.i586.rpm
 2bfc7f5ac70f3048d20824b82989e112  mes5/i586/apache-mpm-itk-2.2.24-0.2mdvmes5.2.i586.rpm
 532cab33bb165a1382dd6ac2e42fbca0  mes5/i586/apache-mpm-peruser-2.2.24-0.2mdvmes5.2.i586.rpm
 09f0c608ab19ea5064256133634a4c08  mes5/i586/apache-mpm-prefork-2.2.24-0.2mdvmes5.2.i586.rpm
 ba6ef7e999123a63eff221bccbc86f0f  mes5/i586/apache-mpm-worker-2.2.24-0.2mdvmes5.2.i586.rpm
 0049e4ec81765d0b32502047abd850d1  mes5/i586/apache-source-2.2.24-0.2mdvmes5.2.i586.rpm 
 7ecf959b4147587469cf16b92adff125  mes5/SRPMS/apache-2.2.24-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bdc282a4e5c1d88b53271b0113e27df1  mes5/x86_64/apache-base-2.2.24-0.2mdvmes5.2.x86_64.rpm
 c22e464d1bb4ccc4ecc194fa242f9708  mes5/x86_64/apache-devel-2.2.24-0.2mdvmes5.2.x86_64.rpm
 19ca7a53af329a34320724361c856565  mes5/x86_64/apache-doc-2.2.24-0.2mdvmes5.2.x86_64.rpm
 bc42e2d3f34b70b793634ecdb765e247  mes5/x86_64/apache-htcacheclean-2.2.24-0.2mdvmes5.2.x86_64.rpm
 a328f02d6f643f0186b6f4ae5c43145c  mes5/x86_64/apache-mod_authn_dbd-2.2.24-0.2mdvmes5.2.x86_64.rpm
 ac6be2afbc7677d09d8907defee10fe5  mes5/x86_64/apache-mod_cache-2.2.24-0.2mdvmes5.2.x86_64.rpm
 18e898fd0a675f84f260aa62e73e9954  mes5/x86_64/apache-mod_dav-2.2.24-0.2mdvmes5.2.x86_64.rpm
 b74a960eec0fc6f024e10bf9e4707a22  mes5/x86_64/apache-mod_dbd-2.2.24-0.2mdvmes5.2.x86_64.rpm
 2b488316a95bf4bb4882fb0e840ff9d0  mes5/x86_64/apache-mod_deflate-2.2.24-0.2mdvmes5.2.x86_64.rpm
 69f74b269a91b78151ea19a56b9b0016  mes5/x86_64/apache-mod_disk_cache-2.2.24-0.2mdvmes5.2.x86_64.rpm
 c901a033e81e0a4917254138651c7fb6  mes5/x86_64/apache-mod_file_cache-2.2.24-0.2mdvmes5.2.x86_64.rpm
 3ca0efce8be434ec019783f2348c417d  mes5/x86_64/apache-mod_ldap-2.2.24-0.2mdvmes5.2.x86_64.rpm
 ff0c80abb1b46a214da0776f268973d7  mes5/x86_64/apache-mod_mem_cache-2.2.24-0.2mdvmes5.2.x86_64.rpm
 2cc200c5ef5d82cf6f457049287c5d4a  mes5/x86_64/apache-mod_proxy-2.2.24-0.2mdvmes5.2.x86_64.rpm
 f82e01672d6bc314e849e88ca2fcfb63  mes5/x86_64/apache-mod_proxy_ajp-2.2.24-0.2mdvmes5.2.x86_64.rpm
 4a4bdb8077cc824d481d22a8871b0e65  mes5/x86_64/apache-mod_proxy_scgi-2.2.24-0.2mdvmes5.2.x86_64.rpm
 ccbd6135fd36eb9da8c058632c78fef5  mes5/x86_64/apache-mod_reqtimeout-2.2.24-0.2mdvmes5.2.x86_64.rpm
 d04950473b06300c1b8de8a17440bc2e  mes5/x86_64/apache-mod_ssl-2.2.24-0.2mdvmes5.2.x86_64.rpm
 66e20b8bb5721470518e32fde6bc4d9d  mes5/x86_64/apache-modules-2.2.24-0.2mdvmes5.2.x86_64.rpm
 932b1793e1b678dc2734f105d1ff4e5a  mes5/x86_64/apache-mod_userdir-2.2.24-0.2mdvmes5.2.x86_64.rpm
 57169646e4b18475ab1972cb5d354baf  mes5/x86_64/apache-mpm-event-2.2.24-0.2mdvmes5.2.x86_64.rpm
 1fc4c980bcfb14974afa69ce9e13f38c  mes5/x86_64/apache-mpm-itk-2.2.24-0.2mdvmes5.2.x86_64.rpm
 820939b6dff73a37962c4a6f45ef95b3  mes5/x86_64/apache-mpm-peruser-2.2.24-0.2mdvmes5.2.x86_64.rpm
 f504ce8c864f5a835187af0fc006a837  mes5/x86_64/apache-mpm-prefork-2.2.24-0.2mdvmes5.2.x86_64.rpm
 d8a91f0478204eb78f2c133e9827060f  mes5/x86_64/apache-mpm-worker-2.2.24-0.2mdvmes5.2.x86_64.rpm
 dc27828820a3ee7dbac35a0f75508327  mes5/x86_64/apache-source-2.2.24-0.2mdvmes5.2.x86_64.rpm 
 7ecf959b4147587469cf16b92adff125  mes5/SRPMS/apache-2.2.24-0.2mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 f9883665425b2d2d4dbc825b4e379b72  mbs1/x86_64/apache-2.2.24-1.1.mbs1.x86_64.rpm
 bd78957b2829a18b78e55ea5114dadf5  mbs1/x86_64/apache-devel-2.2.24-1.1.mbs1.x86_64.rpm
 702976d0373ebafd8cf76007abdb201a  mbs1/x86_64/apache-doc-2.2.24-1.1.mbs1.noarch.rpm
 cc85757ebe750a004ff52a182a4b65fa  mbs1/x86_64/apache-htcacheclean-2.2.24-1.1.mbs1.x86_64.rpm
 3ec3a76edcff4cbd8eaeeaa8bb300483  mbs1/x86_64/apache-mod_authn_dbd-2.2.24-1.1.mbs1.x86_64.rpm
 8fd97c4f2b51aabfa108fff17d4b154a  mbs1/x86_64/apache-mod_cache-2.2.24-1.1.mbs1.x86_64.rpm
 cb6606caee63b2ae94fea585844e9f39  mbs1/x86_64/apache-mod_dav-2.2.24-1.1.mbs1.x86_64.rpm
 7081a03666455e36c149658fefb91dba  mbs1/x86_64/apache-mod_dbd-2.2.24-1.1.mbs1.x86_64.rpm
 014e84c6c877dcb1b4444ebac045effe  mbs1/x86_64/apache-mod_deflate-2.2.24-1.1.mbs1.x86_64.rpm
 a0fdc6a811ee64121814c6e9e086d546  mbs1/x86_64/apache-mod_disk_cache-2.2.24-1.1.mbs1.x86_64.rpm
 3e410d0d1dc6da7fe67efc9a6a33fb3c  mbs1/x86_64/apache-mod_file_cache-2.2.24-1.1.mbs1.x86_64.rpm
 ed41a6bf57d6567ca64384ed54cea763  mbs1/x86_64/apache-mod_ldap-2.2.24-1.1.mbs1.x86_64.rpm
 d961ef7af9eb98acd0858b7bd6746aca  mbs1/x86_64/apache-mod_mem_cache-2.2.24-1.1.mbs1.x86_64.rpm
 3acd6f496af690e779cd74993512813b  mbs1/x86_64/apache-mod_proxy-2.2.24-1.1.mbs1.x86_64.rpm
 ad5239d84b8f48a2d0185d0bad006b2c  mbs1/x86_64/apache-mod_proxy_ajp-2.2.24-1.1.mbs1.x86_64.rpm
 06c6f5734141386bafa103994a25bacb  mbs1/x86_64/apache-mod_proxy_scgi-2.2.24-1.1.mbs1.x86_64.rpm
 53f079e111c9e1434f83a784009ea143  mbs1/x86_64/apache-mod_reqtimeout-2.2.24-1.1.mbs1.x86_64.rpm
 a5f9a720e0672e17d3232e9ea180b21e  mbs1/x86_64/apache-mod_ssl-2.2.24-1.1.mbs1.x86_64.rpm
 cf9456ab4c9d7f6ec3a573402c1a6559  mbs1/x86_64/apache-mod_suexec-2.2.24-1.1.mbs1.x86_64.rpm
 036916178cb1bab9bae4de436ae60569  mbs1/x86_64/apache-mod_userdir-2.2.24-1.1.mbs1.x86_64.rpm
 21207fd475f04123a68979eae7f91eb4  mbs1/x86_64/apache-mpm-event-2.2.24-1.1.mbs1.x86_64.rpm
 3b2550887b391541bd33f3f8df88581a  mbs1/x86_64/apache-mpm-itk-2.2.24-1.1.mbs1.x86_64.rpm
 191b9b501971c58c1044318c31bb99bb  mbs1/x86_64/apache-mpm-peruser-2.2.24-1.1.mbs1.x86_64.rpm
 5cec02e7580a81741daa156b42ba8fa5  mbs1/x86_64/apache-mpm-prefork-2.2.24-1.1.mbs1.x86_64.rpm
 304228af555e4f84c70ab54bd1596fc3  mbs1/x86_64/apache-mpm-worker-2.2.24-1.1.mbs1.x86_64.rpm
 153f8db6aadef3391a39fcddb568bf04  mbs1/x86_64/apache-source-2.2.24-1.1.mbs1.noarch.rpm 
 f49443040789a8c46442c3e9393dbbe1  mbs1/SRPMS/apache-2.2.24-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Home router security holes to be exposed at Def Con 22 hacker meet up
Edward Snowden Calls on Hackers to Help Whistleblowers Leak More Secrets
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.