Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in apache
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in apache
ID: MDKSA-2003:103
Distribution: Mandrake
Plattformen: Mandrake 9.0, Mandrake Multi Network Firewall 8.2, Mandrake Corporate Server 2.1, Mandrake 9.1, Mandrake 9.2
Datum: Di, 4. November 2003, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789
http://www.apache.org/dist/httpd/Announcement.html
http://www.apache.org/dist/httpd/Announcement2.html
Applikationen: Apache

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrake Linux Security Update Advisory
_______________________________________________________________________

Package name: apache
Advisory ID: MDKSA-2003:103
Date: November 3rd, 2003

Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

A buffer overflow in mod_alias and mod_rewrite was discovered in Apache
versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This
happens when a regular expression with more than 9 captures is
confined. An attacker would have to create a carefully crafted
configuration file (.htaccess or httpd.conf) in order to exploit these
problems.

As well, another buffer overflow in Apache 2.0.47 and earlier in
mod_cgid's mishandling of CGI redirect paths could result in CGI output
going to the wrong client when a threaded MPM is used.

Apache version 2.0.48 and 1.3.29 were released upstream to correct
these bugs; backported patches have been applied to the provided
packages.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789
http://www.apache.org/dist/httpd/Announcement.html
http://www.apache.org/dist/httpd/Announcement2.html
______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
02895e0914bc1a0885000cef805f7759
corporate/2.1/RPMS/apache-1.3.26-6.3.90mdk.i586.rpm
ee997dd297049bc75878a5de8904c965
corporate/2.1/RPMS/apache-common-1.3.26-6.3.90mdk.i586.rpm
63806c79f65ee1a1830caa41b0cf3784
corporate/2.1/RPMS/apache-devel-1.3.26-6.3.90mdk.i586.rpm
68f2aca22d84d56b234aaaa2e348d2aa
corporate/2.1/RPMS/apache-manual-1.3.26-6.3.90mdk.i586.rpm
ed0d46c1a861a09dbe36b5ccdb02754d
corporate/2.1/RPMS/apache-modules-1.3.26-6.3.90mdk.i586.rpm
8788c3001078f32e975941aa7a556cd1
corporate/2.1/RPMS/apache-source-1.3.26-6.3.90mdk.i586.rpm
ed87d94ec5aeb007d98717e7d1a3d314
corporate/2.1/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

Corporate Server 2.1/x86_64:
91700397109a221089871e610ee438f3
x86_64/corporate/2.1/RPMS/apache-1.3.26-6.3.90mdk.x86_64.rpm
8e63504cfe91f209653401569c059042
x86_64/corporate/2.1/RPMS/apache-common-1.3.26-6.3.90mdk.x86_64.rpm
c71ee8d0d00d504beaa1bd3259152d28
x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-6.3.90mdk.x86_64.rpm
931135aefb6bc1214ba40621d9172ac1
x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-6.3.90mdk.x86_64.rpm
d46a618a36786f7eec1d5f494e794bda
x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-6.3.90mdk.x86_64.rpm
3b08e1dcfc7ef233dbd3ce9c6fff41d1
x86_64/corporate/2.1/RPMS/apache-source-1.3.26-6.3.90mdk.x86_64.rpm
ed87d94ec5aeb007d98717e7d1a3d314
x86_64/corporate/2.1/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

Mandrake Linux 9.0:
02895e0914bc1a0885000cef805f7759 9.0/RPMS/apache-1.3.26-6.3.90mdk.i586.rpm
ee997dd297049bc75878a5de8904c965
9.0/RPMS/apache-common-1.3.26-6.3.90mdk.i586.rpm
63806c79f65ee1a1830caa41b0cf3784
9.0/RPMS/apache-devel-1.3.26-6.3.90mdk.i586.rpm
68f2aca22d84d56b234aaaa2e348d2aa
9.0/RPMS/apache-manual-1.3.26-6.3.90mdk.i586.rpm
ed0d46c1a861a09dbe36b5ccdb02754d
9.0/RPMS/apache-modules-1.3.26-6.3.90mdk.i586.rpm
8788c3001078f32e975941aa7a556cd1
9.0/RPMS/apache-source-1.3.26-6.3.90mdk.i586.rpm
ed87d94ec5aeb007d98717e7d1a3d314 9.0/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

Mandrake Linux 9.1:
3a24d35dcd08d4c82ccd6fac204047bc 9.1/RPMS/apache-1.3.27-8.1.91mdk.i586.rpm
61cde3633d0866c6f03e29565ea56360
9.1/RPMS/apache-devel-1.3.27-8.1.91mdk.i586.rpm
e58a9378cff2e24bcbfe6c56d08f2505
9.1/RPMS/apache-modules-1.3.27-8.1.91mdk.i586.rpm
4b47d0bc773d59a17d5a40f627569707
9.1/RPMS/apache-source-1.3.27-8.1.91mdk.i586.rpm
c780a92fd6dbb3cdd0d52049c534778f 9.1/RPMS/apache2-2.0.47-1.6.91mdk.i586.rpm
41e7366c6dfa0331ed48027e3a2dd881
9.1/RPMS/apache2-common-2.0.47-1.6.91mdk.i586.rpm
230d990186ca121121bbc4e1720afb3d
9.1/RPMS/apache2-devel-2.0.47-1.6.91mdk.i586.rpm
36894b37c5eb5dfa628f6a2fe3de5580
9.1/RPMS/apache2-manual-2.0.47-1.6.91mdk.i586.rpm
76e8293d061a84d9413453e1d6c282b6
9.1/RPMS/apache2-mod_dav-2.0.47-1.6.91mdk.i586.rpm
bb106f0ebd893e4547ef3f0a6d1572f9
9.1/RPMS/apache2-mod_ldap-2.0.47-1.6.91mdk.i586.rpm
17003f2c15c2379275caf21fe097c7a9
9.1/RPMS/apache2-mod_ssl-2.0.47-1.6.91mdk.i586.rpm
d595f9e2c94b646869087a15e8138a44
9.1/RPMS/apache2-modules-2.0.47-1.6.91mdk.i586.rpm
b119835d0d18b01613e7977f4daa7a38
9.1/RPMS/apache2-source-2.0.47-1.6.91mdk.i586.rpm
7c3b7fc1bed6ed59b8a328d8ac3b3056 9.1/RPMS/libapr0-2.0.47-1.6.91mdk.i586.rpm
a187d7819937e82deea23da621f38ee5 9.1/SRPMS/apache-1.3.27-8.1.91mdk.src.rpm
31a46639efb035b67ea3b70f91815d9b 9.1/SRPMS/apache2-2.0.47-1.6.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
6cf015976106eaaa8bdbfb46501c5339 ppc/9.1/RPMS/apache-1.3.27-8.1.91mdk.ppc.rpm
41f85b24716c140bdd5f041200d6f68c
ppc/9.1/RPMS/apache-devel-1.3.27-8.1.91mdk.ppc.rpm
12ea7768f27c739f433f8cd856e8f3ed
ppc/9.1/RPMS/apache-modules-1.3.27-8.1.91mdk.ppc.rpm
8ddfdeb72fe3058ae83076ad00b184c4
ppc/9.1/RPMS/apache-source-1.3.27-8.1.91mdk.ppc.rpm
7ecb812bb84877964bd0244527042b7c
ppc/9.1/RPMS/apache2-2.0.47-1.6.91mdk.ppc.rpm
df9dbdcaf995332bc2950f3b64e0b5cd
ppc/9.1/RPMS/apache2-common-2.0.47-1.6.91mdk.ppc.rpm
7efb7e7271527bef25ac76c017cf940f
ppc/9.1/RPMS/apache2-devel-2.0.47-1.6.91mdk.ppc.rpm
46e0066408b8c9c2f537315b9d7de495
ppc/9.1/RPMS/apache2-manual-2.0.47-1.6.91mdk.ppc.rpm
832793eba23c7f55544ade7478d66971
ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.6.91mdk.ppc.rpm
1338474c76c753216f024f6df189a369
ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.6.91mdk.ppc.rpm
2f1fc4f54067d4ed4e13a24de93ac2b2
ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.6.91mdk.ppc.rpm
c9e89384dced046092fb96e3f4c71cd3
ppc/9.1/RPMS/apache2-modules-2.0.47-1.6.91mdk.ppc.rpm
893a388ffd122c25b021ccaedcaf3bc8
ppc/9.1/RPMS/apache2-source-2.0.47-1.6.91mdk.ppc.rpm
8797a894c157099d8fa59e0ee6a09725
ppc/9.1/RPMS/libapr0-2.0.47-1.6.91mdk.ppc.rpm
a187d7819937e82deea23da621f38ee5
ppc/9.1/SRPMS/apache-1.3.27-8.1.91mdk.src.rpm
31a46639efb035b67ea3b70f91815d9b
ppc/9.1/SRPMS/apache2-2.0.47-1.6.91mdk.src.rpm

Mandrake Linux 9.2:
87b439a1ea3c7a53ae6bd65b8de8823d 9.2/RPMS/apache-1.3.28-3.1.92mdk.i586.rpm
a7dd2cfc0f24e74285756df47b8b2560
9.2/RPMS/apache-devel-1.3.28-3.1.92mdk.i586.rpm
e9396a1d140c37ed3c54c9fc8946b075
9.2/RPMS/apache-modules-1.3.28-3.1.92mdk.i586.rpm
59f841c1809a057b7db9809f98902e2a
9.2/RPMS/apache-source-1.3.28-3.1.92mdk.i586.rpm
67ea76c94fd96d4b58902f347e7424a4 9.2/RPMS/apache2-2.0.47-6.3.92mdk.i586.rpm
57972c71c8489d0a3c9a68185031b879
9.2/RPMS/apache2-common-2.0.47-6.3.92mdk.i586.rpm
3f3fb3d57b63cc56df9d6c7318a7cac5
9.2/RPMS/apache2-devel-2.0.47-6.3.92mdk.i586.rpm
cea519816faccd534f542965fbbf9d15
9.2/RPMS/apache2-manual-2.0.47-6.3.92mdk.i586.rpm
8d591555255d4348900fcd1bbc74061e
9.2/RPMS/apache2-mod_cache-2.0.47-6.3.92mdk.i586.rpm
0e1fbe572782f546b44054a0265ea06e
9.2/RPMS/apache2-mod_dav-2.0.47-6.3.92mdk.i586.rpm
3421ea0f95a7d897d9d339bf6e3aae33
9.2/RPMS/apache2-mod_deflate-2.0.47-6.3.92mdk.i586.rpm
46bec7aa9274f16aa9768aa6ffec0cb5
9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.3.92mdk.i586.rpm
d343b2d6a22f52a2ff5dd2844005c0f2
9.2/RPMS/apache2-mod_file_cache-2.0.47-6.3.92mdk.i586.rpm
8f6b81b7933f766fc979254f4ce3b83c
9.2/RPMS/apache2-mod_ldap-2.0.47-6.3.92mdk.i586.rpm
fedeaeb50040b8292f5b4da2cb27fc4e
9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.3.92mdk.i586.rpm
63774164ba26208b71a2a7a5f5136550
9.2/RPMS/apache2-mod_proxy-2.0.47-6.3.92mdk.i586.rpm
0399f23f2c87e07d18bb98617c79f24c
9.2/RPMS/apache2-mod_ssl-2.0.47-6.3.92mdk.i586.rpm
36e47d1f2ba0a23d6c1055fe6f606134
9.2/RPMS/apache2-modules-2.0.47-6.3.92mdk.i586.rpm
1af39eba2fff3635a323dfec02a333fb
9.2/RPMS/apache2-source-2.0.47-6.3.92mdk.i586.rpm
4b7d2788a521162aa67237db2dbc0c3d 9.2/RPMS/libapr0-2.0.47-6.3.92mdk.i586.rpm
e6603582c732931d8c8186547eee702d 9.2/SRPMS/apache-1.3.28-3.1.92mdk.src.rpm
6407cf397b65ebf7b66554d7a1445489 9.2/SRPMS/apache2-2.0.47-6.3.92mdk.src.rpm

Multi Network Firewall 8.2:
4ae3471596b2301da8062c38e7406c38
mnf8.2/RPMS/apache-1.3.23-4.3.M82mdk.i586.rpm
fd001d68be7fc7086ca7493da05db4f0
mnf8.2/RPMS/apache-common-1.3.23-4.3.M82mdk.i586.rpm
b7776aac2533499a79c820d0097187a0
mnf8.2/RPMS/apache-modules-1.3.23-4.3.M82mdk.i586.rpm
98df8da770fe4b3ede43e4af4e9de067
mnf8.2/SRPMS/apache-1.3.23-4.3.M82mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/pu8lmqjQ0CJFipgRAkziAJ9NZx+harn15u3ZByaE6RMMKasl5wCeNRcq
iM5sSfISyCmb1GE8szE+aZM=
=qcI3
-----END PGP SIGNATURE-----
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung