Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Apache
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Apache
ID: MDVSA-2013:174
Distribution: Mandriva
Plattformen: Mandriva Enterprise Server 5.0, Mandriva Business Server 1.0
Datum: Fr, 14. Juni 2013, 23:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
https://bugzilla.redhat.com/show_bug.cgi?id=953729
https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
Applikationen: Apache

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1371223651-2483-10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:174
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : apache
 Date    : June 14, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in apache:
 
 mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server
 2.2.x before 2.2.25 writes data to a log file without sanitizing
 non-printable characters, which might allow remote attackers to execute
 arbitrary commands via an HTTP request containing an escape sequence
 for a terminal emulator (CVE-2013-1862).
 
 A buffer overflow when reading digest password file with very long
 lines in htdigest was discovered (PR 54893).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
 https://bugzilla.redhat.com/show_bug.cgi?id=953729
 https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 0a8d5cf64c41a4e12a30f67eb8065117 
 mes5/i586/apache-base-2.2.24-0.2mdvmes5.2.i586.rpm
 d33ed3e074ec7c8f3463effded777228 
 mes5/i586/apache-devel-2.2.24-0.2mdvmes5.2.i586.rpm
 9792fe8498d9e71a39e4b5ccf704163d 
 mes5/i586/apache-doc-2.2.24-0.2mdvmes5.2.i586.rpm
 bdb640f694a58f5d64825506a56723bd 
 mes5/i586/apache-htcacheclean-2.2.24-0.2mdvmes5.2.i586.rpm
 9d22370a9132ce43a91d19412c7d5802 
 mes5/i586/apache-mod_authn_dbd-2.2.24-0.2mdvmes5.2.i586.rpm
 0dd9bd4a4a6d38a3268d7a179d8841bb 
 mes5/i586/apache-mod_cache-2.2.24-0.2mdvmes5.2.i586.rpm
 694d46859c23fd52270be6ba1757b630 
 mes5/i586/apache-mod_dav-2.2.24-0.2mdvmes5.2.i586.rpm
 249a736db45d03f089ccdda3ae121330 
 mes5/i586/apache-mod_dbd-2.2.24-0.2mdvmes5.2.i586.rpm
 38b67619272b4d8e61b8e8ff14e326f5 
 mes5/i586/apache-mod_deflate-2.2.24-0.2mdvmes5.2.i586.rpm
 7f228d030849af78a59ff53e6a07a142 
 mes5/i586/apache-mod_disk_cache-2.2.24-0.2mdvmes5.2.i586.rpm
 1d74a46313851698bc52f99be5239223 
 mes5/i586/apache-mod_file_cache-2.2.24-0.2mdvmes5.2.i586.rpm
 188eb4b82459928d64703ab09eefa49c 
 mes5/i586/apache-mod_ldap-2.2.24-0.2mdvmes5.2.i586.rpm
 708fefd12aeb979117afc60308c9be3c 
 mes5/i586/apache-mod_mem_cache-2.2.24-0.2mdvmes5.2.i586.rpm
 471ac83063e00b06d9061490f3a10dc8 
 mes5/i586/apache-mod_proxy-2.2.24-0.2mdvmes5.2.i586.rpm
 19c14db70e9aa08ab351515ec25b4006 
 mes5/i586/apache-mod_proxy_ajp-2.2.24-0.2mdvmes5.2.i586.rpm
 50a11fa802e8683a62f6116b854d6331 
 mes5/i586/apache-mod_proxy_scgi-2.2.24-0.2mdvmes5.2.i586.rpm
 b0086b24dfbbfde6374a00a03a1353b6 
 mes5/i586/apache-mod_reqtimeout-2.2.24-0.2mdvmes5.2.i586.rpm
 5093914b74ea63d9df30948210d429b9 
 mes5/i586/apache-mod_ssl-2.2.24-0.2mdvmes5.2.i586.rpm
 3d555523507643819ebc8465a9a026ca 
 mes5/i586/apache-modules-2.2.24-0.2mdvmes5.2.i586.rpm
 b653a7805441bcf72c3d1dee803e594a 
 mes5/i586/apache-mod_userdir-2.2.24-0.2mdvmes5.2.i586.rpm
 9833e171f731532791c33d1e62ebd3b6 
 mes5/i586/apache-mpm-event-2.2.24-0.2mdvmes5.2.i586.rpm
 2bfc7f5ac70f3048d20824b82989e112 
 mes5/i586/apache-mpm-itk-2.2.24-0.2mdvmes5.2.i586.rpm
 532cab33bb165a1382dd6ac2e42fbca0 
 mes5/i586/apache-mpm-peruser-2.2.24-0.2mdvmes5.2.i586.rpm
 09f0c608ab19ea5064256133634a4c08 
 mes5/i586/apache-mpm-prefork-2.2.24-0.2mdvmes5.2.i586.rpm
 ba6ef7e999123a63eff221bccbc86f0f 
 mes5/i586/apache-mpm-worker-2.2.24-0.2mdvmes5.2.i586.rpm
 0049e4ec81765d0b32502047abd850d1 
 mes5/i586/apache-source-2.2.24-0.2mdvmes5.2.i586.rpm 
 7ecf959b4147587469cf16b92adff125 
 mes5/SRPMS/apache-2.2.24-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bdc282a4e5c1d88b53271b0113e27df1 
 mes5/x86_64/apache-base-2.2.24-0.2mdvmes5.2.x86_64.rpm
 c22e464d1bb4ccc4ecc194fa242f9708 
 mes5/x86_64/apache-devel-2.2.24-0.2mdvmes5.2.x86_64.rpm
 19ca7a53af329a34320724361c856565 
 mes5/x86_64/apache-doc-2.2.24-0.2mdvmes5.2.x86_64.rpm
 bc42e2d3f34b70b793634ecdb765e247 
 mes5/x86_64/apache-htcacheclean-2.2.24-0.2mdvmes5.2.x86_64.rpm
 a328f02d6f643f0186b6f4ae5c43145c 
 mes5/x86_64/apache-mod_authn_dbd-2.2.24-0.2mdvmes5.2.x86_64.rpm
 ac6be2afbc7677d09d8907defee10fe5 
 mes5/x86_64/apache-mod_cache-2.2.24-0.2mdvmes5.2.x86_64.rpm
 18e898fd0a675f84f260aa62e73e9954 
 mes5/x86_64/apache-mod_dav-2.2.24-0.2mdvmes5.2.x86_64.rpm
 b74a960eec0fc6f024e10bf9e4707a22 
 mes5/x86_64/apache-mod_dbd-2.2.24-0.2mdvmes5.2.x86_64.rpm
 2b488316a95bf4bb4882fb0e840ff9d0 
 mes5/x86_64/apache-mod_deflate-2.2.24-0.2mdvmes5.2.x86_64.rpm
 69f74b269a91b78151ea19a56b9b0016 
 mes5/x86_64/apache-mod_disk_cache-2.2.24-0.2mdvmes5.2.x86_64.rpm
 c901a033e81e0a4917254138651c7fb6 
 mes5/x86_64/apache-mod_file_cache-2.2.24-0.2mdvmes5.2.x86_64.rpm
 3ca0efce8be434ec019783f2348c417d 
 mes5/x86_64/apache-mod_ldap-2.2.24-0.2mdvmes5.2.x86_64.rpm
 ff0c80abb1b46a214da0776f268973d7 
 mes5/x86_64/apache-mod_mem_cache-2.2.24-0.2mdvmes5.2.x86_64.rpm
 2cc200c5ef5d82cf6f457049287c5d4a 
 mes5/x86_64/apache-mod_proxy-2.2.24-0.2mdvmes5.2.x86_64.rpm
 f82e01672d6bc314e849e88ca2fcfb63 
 mes5/x86_64/apache-mod_proxy_ajp-2.2.24-0.2mdvmes5.2.x86_64.rpm
 4a4bdb8077cc824d481d22a8871b0e65 
 mes5/x86_64/apache-mod_proxy_scgi-2.2.24-0.2mdvmes5.2.x86_64.rpm
 ccbd6135fd36eb9da8c058632c78fef5 
 mes5/x86_64/apache-mod_reqtimeout-2.2.24-0.2mdvmes5.2.x86_64.rpm
 d04950473b06300c1b8de8a17440bc2e 
 mes5/x86_64/apache-mod_ssl-2.2.24-0.2mdvmes5.2.x86_64.rpm
 66e20b8bb5721470518e32fde6bc4d9d 
 mes5/x86_64/apache-modules-2.2.24-0.2mdvmes5.2.x86_64.rpm
 932b1793e1b678dc2734f105d1ff4e5a 
 mes5/x86_64/apache-mod_userdir-2.2.24-0.2mdvmes5.2.x86_64.rpm
 57169646e4b18475ab1972cb5d354baf 
 mes5/x86_64/apache-mpm-event-2.2.24-0.2mdvmes5.2.x86_64.rpm
 1fc4c980bcfb14974afa69ce9e13f38c 
 mes5/x86_64/apache-mpm-itk-2.2.24-0.2mdvmes5.2.x86_64.rpm
 820939b6dff73a37962c4a6f45ef95b3 
 mes5/x86_64/apache-mpm-peruser-2.2.24-0.2mdvmes5.2.x86_64.rpm
 f504ce8c864f5a835187af0fc006a837 
 mes5/x86_64/apache-mpm-prefork-2.2.24-0.2mdvmes5.2.x86_64.rpm
 d8a91f0478204eb78f2c133e9827060f 
 mes5/x86_64/apache-mpm-worker-2.2.24-0.2mdvmes5.2.x86_64.rpm
 dc27828820a3ee7dbac35a0f75508327 
 mes5/x86_64/apache-source-2.2.24-0.2mdvmes5.2.x86_64.rpm 
 7ecf959b4147587469cf16b92adff125 
 mes5/SRPMS/apache-2.2.24-0.2mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 f9883665425b2d2d4dbc825b4e379b72 
 mbs1/x86_64/apache-2.2.24-1.1.mbs1.x86_64.rpm
 bd78957b2829a18b78e55ea5114dadf5 
 mbs1/x86_64/apache-devel-2.2.24-1.1.mbs1.x86_64.rpm
 702976d0373ebafd8cf76007abdb201a 
 mbs1/x86_64/apache-doc-2.2.24-1.1.mbs1.noarch.rpm
 cc85757ebe750a004ff52a182a4b65fa 
 mbs1/x86_64/apache-htcacheclean-2.2.24-1.1.mbs1.x86_64.rpm
 3ec3a76edcff4cbd8eaeeaa8bb300483 
 mbs1/x86_64/apache-mod_authn_dbd-2.2.24-1.1.mbs1.x86_64.rpm
 8fd97c4f2b51aabfa108fff17d4b154a 
 mbs1/x86_64/apache-mod_cache-2.2.24-1.1.mbs1.x86_64.rpm
 cb6606caee63b2ae94fea585844e9f39 
 mbs1/x86_64/apache-mod_dav-2.2.24-1.1.mbs1.x86_64.rpm
 7081a03666455e36c149658fefb91dba 
 mbs1/x86_64/apache-mod_dbd-2.2.24-1.1.mbs1.x86_64.rpm
 014e84c6c877dcb1b4444ebac045effe 
 mbs1/x86_64/apache-mod_deflate-2.2.24-1.1.mbs1.x86_64.rpm
 a0fdc6a811ee64121814c6e9e086d546 
 mbs1/x86_64/apache-mod_disk_cache-2.2.24-1.1.mbs1.x86_64.rpm
 3e410d0d1dc6da7fe67efc9a6a33fb3c 
 mbs1/x86_64/apache-mod_file_cache-2.2.24-1.1.mbs1.x86_64.rpm
 ed41a6bf57d6567ca64384ed54cea763 
 mbs1/x86_64/apache-mod_ldap-2.2.24-1.1.mbs1.x86_64.rpm
 d961ef7af9eb98acd0858b7bd6746aca 
 mbs1/x86_64/apache-mod_mem_cache-2.2.24-1.1.mbs1.x86_64.rpm
 3acd6f496af690e779cd74993512813b 
 mbs1/x86_64/apache-mod_proxy-2.2.24-1.1.mbs1.x86_64.rpm
 ad5239d84b8f48a2d0185d0bad006b2c 
 mbs1/x86_64/apache-mod_proxy_ajp-2.2.24-1.1.mbs1.x86_64.rpm
 06c6f5734141386bafa103994a25bacb 
 mbs1/x86_64/apache-mod_proxy_scgi-2.2.24-1.1.mbs1.x86_64.rpm
 53f079e111c9e1434f83a784009ea143 
 mbs1/x86_64/apache-mod_reqtimeout-2.2.24-1.1.mbs1.x86_64.rpm
 a5f9a720e0672e17d3232e9ea180b21e 
 mbs1/x86_64/apache-mod_ssl-2.2.24-1.1.mbs1.x86_64.rpm
 cf9456ab4c9d7f6ec3a573402c1a6559 
 mbs1/x86_64/apache-mod_suexec-2.2.24-1.1.mbs1.x86_64.rpm
 036916178cb1bab9bae4de436ae60569 
 mbs1/x86_64/apache-mod_userdir-2.2.24-1.1.mbs1.x86_64.rpm
 21207fd475f04123a68979eae7f91eb4 
 mbs1/x86_64/apache-mpm-event-2.2.24-1.1.mbs1.x86_64.rpm
 3b2550887b391541bd33f3f8df88581a 
 mbs1/x86_64/apache-mpm-itk-2.2.24-1.1.mbs1.x86_64.rpm
 191b9b501971c58c1044318c31bb99bb 
 mbs1/x86_64/apache-mpm-peruser-2.2.24-1.1.mbs1.x86_64.rpm
 5cec02e7580a81741daa156b42ba8fa5 
 mbs1/x86_64/apache-mpm-prefork-2.2.24-1.1.mbs1.x86_64.rpm
 304228af555e4f84c70ab54bd1596fc3 
 mbs1/x86_64/apache-mpm-worker-2.2.24-1.1.mbs1.x86_64.rpm
 153f8db6aadef3391a39fcddb568bf04 
 mbs1/x86_64/apache-source-2.2.24-1.1.mbs1.noarch.rpm 
 f49443040789a8c46442c3e9393dbbe1  mbs1/SRPMS/apache-2.2.24-1.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRuwlzmqjQ0CJFipgRAlG7AKDQ3Xy7er2TqLwwKb9yOW9gCndu+gCg9q0k
/Izii75hQ+sb7O4WK6l9ghI=
=iyY/
-----END PGP SIGNATURE-----


------------=_1371223651-2483-10
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1371223651-2483-10--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung