Security: Buffer overflow in apache2
Name: Buffer overflow in apache2
ID: MDKSA-2005:155
Distribution: Mandriva
Platforms: Mandriva 10.0, Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0
Date: Tue, 30 August 2005, 13:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491
Applications: Apache

Original message


_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: apache2
Advisory ID: MDKSA-2005:155
Date: August 29th, 2005

Affected versions: 10.0, Corporate 3.0,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular
Expressions (PCRE) before 6.2, as used in multiple products, allows
attackers to execute arbitrary code via quantifier values in regular
expressions, which leads to a heap-based buffer overflow.
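
Added illustration, not part of the advisory and not PCRE source code: a simplified C model of the bug class described above, where unchecked arithmetic on quantifier counts wraps around and yields an undersized buffer length, shown next to a checked version. The function names and the 65535 repeat cap are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>

#define REPEAT_LIMIT 65535u /* assumed cap on a repeat count (example value) */

/* Read one decimal count; fail as soon as it exceeds REPEAT_LIMIT so the
   accumulator can never wrap around. */
static bool parse_count(const char **p, uint32_t *out)
{
    const char *s = *p;
    uint32_t v = 0;
    if (*s < '0' || *s > '9') return false;
    for (; *s >= '0' && *s <= '9'; s++) {
        v = v * 10 + (uint32_t)(*s - '0');
        if (v > REPEAT_LIMIT) return false;
    }
    *p = s;
    *out = v;
    return true;
}

/* Accept "{n}" or "{min,max}" only; the open-ended "{n,}" form is left out. */
bool parse_quantifier(const char *q, uint32_t *min, uint32_t *max)
{
    if (*q++ != '{' || !parse_count(&q, min)) return false;
    *max = *min;
    if (*q == ',') {
        q++;
        if (!parse_count(&q, max)) return false;
    }
    return q[0] == '}' && q[1] == '\0' && *min <= *max;
}

/* Unchecked length estimate: wraps modulo 2^32 for large inputs. */
uint32_t size_unchecked(uint32_t unit_len, uint32_t repeat)
{
    return unit_len * repeat + 1; /* +1 for a terminating opcode */
}

/* Checked estimate: refuses instead of wrapping. */
bool size_checked(uint32_t unit_len, uint32_t repeat, uint32_t *out)
{
    if (unit_len != 0 && repeat > (UINT32_MAX - 1) / unit_len) return false;
    *out = unit_len * repeat + 1;
    return true;
}
```

A caller that allocates `size_unchecked()` bytes and then writes `unit_len * repeat` bytes overruns the heap block; the checked pair rejects the input before any allocation takes place.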

The apache2 packages, as shipped, were built using a private copy of pcre.

The updated packages have been rebuilt against the system pcre libs
to correct this problem. 10.1 and 10.2/LE2005 are already built against
the system pcre.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
