
Security: Two Problems in Apache
Name: Two problems in Apache
ID: MDVSA-2012:154-1
Distribution: Mandriva
Platforms: Not specified
Date: Mon, 1 October 2012, 23:46
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.apache.org/dist/httpd/CHANGES_2.2.23
Applications: Apache

Original message

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:154-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apache
Date : October 1, 2012
Affected: 2011.
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in apache
(ASF HTTPD):

Insecure handling of LD_LIBRARY_PATH was found that could lead to
the current working directory being searched for DSOs. This could
allow a local user to execute code as root if an administrator runs
apachectl from an untrusted directory (CVE-2012-0883).

Possible XSS for sites which use mod_negotiation and allow untrusted
uploads to locations which have MultiViews enabled (CVE-2012-2687).

The updated packages have been upgraded to the latest 2.2.23 version
which is not vulnerable to these issues.

Update:

Packages for Mandriva Linux 2011 are also being provided.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.apache.org/dist/httpd/CHANGES_2.2.23
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:

Mandriva Linux 2011/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
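Added example, not part of the Mandriva advisory or of Apache's scripts: a shell check for the condition behind CVE-2012-0883, an LD_LIBRARY_PATH value whose empty or relative element makes the dynamic loader search the current working directory. The function names and the sample path /usr/lib/apache are hypothetical, and the unconditional-concatenation pattern is shown as an assumed illustration of how such a value arises, since the advisory does not quote the affected script.

```shell
#!/bin/sh
# Added example: audit LD_LIBRARY_PATH values for elements that resolve
# against the current working directory. All names here are hypothetical.

# Return 0 (true) if the colon-separated value contains an empty element
# (leading, trailing or doubled colon) or a relative element such as ".".
ld_path_searches_cwd() {
    lp_value=$1
    # Assumption: an unset or empty variable adds no search directory.
    [ -z "$lp_value" ] && return 1
    case $lp_value in
        :*|*:|*::*) return 0 ;;          # empty element means "cwd"
    esac
    lp_rest=$lp_value
    while [ -n "$lp_rest" ]; do
        lp_entry=${lp_rest%%:*}          # first remaining element
        case $lp_entry in
            /*) ;;                       # absolute path: not cwd-relative
            *)  return 0 ;;              # relative path: depends on cwd
        esac
        case $lp_rest in
            *:*) lp_rest=${lp_rest#*:} ;;
            *)   lp_rest= ;;
        esac
    done
    return 1
}

# Unsafe pattern: unconditional concatenation leaves a trailing colon
# when the inherited value ($2) is unset or empty.
prepend_unsafe() { printf '%s' "$1:$2"; }

# Safe pattern: emit the separator only when there is something to append.
prepend_safe() { printf '%s' "$1${2:+:$2}"; }

# Audit the environment this script was started with.
if ld_path_searches_cwd "${LD_LIBRARY_PATH-}"; then
    echo "WARNING: LD_LIBRARY_PATH includes the current directory" >&2
fi
```

Running the same check from a wrapper before invoking apachectl as root flags an inherited value that would let the working directory supply DSOs.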