Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in apache
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in apache
ID: MDKSA-2003:103
Distribution: Mandrake
Plattformen: Mandrake 9.0, Mandrake Multi Network Firewall 8.2, Mandrake Corporate Server 2.1, Mandrake 9.1, Mandrake 9.2
Datum: Di, 4. November 2003, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0789
http://www.apache.org/dist/httpd/Announcement.html
http://www.apache.org/dist/httpd/Announcement2.html
Applikationen: Apache

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache
 Advisory ID:            MDKSA-2003:103
 Date:                   November 3rd, 2003

 Affected versions:	 9.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A buffer overflow in mod_alias and mod_rewrite was discovered in Apache
 versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier.  This
 happens when a regular expression with more than 9 captures is
 confined.  An attacker would have to create a carefully crafted
 configuration file (.htaccess or httpd.conf) in order to exploit these
 problems.
 
 As well, another buffer overflow in Apache 2.0.47 and earlier in
 mod_cgid's mishandling of CGI redirect paths could result in CGI output
 going to the wrong client when a threaded MPM is used.
 
 Apache version 2.0.48 and 1.3.29 were released upstream to correct
 these bugs; backported patches have been applied to the provided
 packages.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789
  http://www.apache.org/dist/httpd/Announcement.html
  http://www.apache.org/dist/httpd/Announcement2.html
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 02895e0914bc1a0885000cef805f7759 
 corporate/2.1/RPMS/apache-1.3.26-6.3.90mdk.i586.rpm
 ee997dd297049bc75878a5de8904c965 
 corporate/2.1/RPMS/apache-common-1.3.26-6.3.90mdk.i586.rpm
 63806c79f65ee1a1830caa41b0cf3784 
 corporate/2.1/RPMS/apache-devel-1.3.26-6.3.90mdk.i586.rpm
 68f2aca22d84d56b234aaaa2e348d2aa 
 corporate/2.1/RPMS/apache-manual-1.3.26-6.3.90mdk.i586.rpm
 ed0d46c1a861a09dbe36b5ccdb02754d 
 corporate/2.1/RPMS/apache-modules-1.3.26-6.3.90mdk.i586.rpm
 8788c3001078f32e975941aa7a556cd1 
 corporate/2.1/RPMS/apache-source-1.3.26-6.3.90mdk.i586.rpm
 ed87d94ec5aeb007d98717e7d1a3d314 
 corporate/2.1/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Corporate Server 2.1/x86_64:
 91700397109a221089871e610ee438f3 
 x86_64/corporate/2.1/RPMS/apache-1.3.26-6.3.90mdk.x86_64.rpm
 8e63504cfe91f209653401569c059042 
 x86_64/corporate/2.1/RPMS/apache-common-1.3.26-6.3.90mdk.x86_64.rpm
 c71ee8d0d00d504beaa1bd3259152d28 
 x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-6.3.90mdk.x86_64.rpm
 931135aefb6bc1214ba40621d9172ac1 
 x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-6.3.90mdk.x86_64.rpm
 d46a618a36786f7eec1d5f494e794bda 
 x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-6.3.90mdk.x86_64.rpm
 3b08e1dcfc7ef233dbd3ce9c6fff41d1 
 x86_64/corporate/2.1/RPMS/apache-source-1.3.26-6.3.90mdk.x86_64.rpm
 ed87d94ec5aeb007d98717e7d1a3d314 
 x86_64/corporate/2.1/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Mandrake Linux 9.0:
 02895e0914bc1a0885000cef805f7759  9.0/RPMS/apache-1.3.26-6.3.90mdk.i586.rpm
 ee997dd297049bc75878a5de8904c965 
 9.0/RPMS/apache-common-1.3.26-6.3.90mdk.i586.rpm
 63806c79f65ee1a1830caa41b0cf3784 
 9.0/RPMS/apache-devel-1.3.26-6.3.90mdk.i586.rpm
 68f2aca22d84d56b234aaaa2e348d2aa 
 9.0/RPMS/apache-manual-1.3.26-6.3.90mdk.i586.rpm
 ed0d46c1a861a09dbe36b5ccdb02754d 
 9.0/RPMS/apache-modules-1.3.26-6.3.90mdk.i586.rpm
 8788c3001078f32e975941aa7a556cd1 
 9.0/RPMS/apache-source-1.3.26-6.3.90mdk.i586.rpm
 ed87d94ec5aeb007d98717e7d1a3d314  9.0/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Mandrake Linux 9.1:
 3a24d35dcd08d4c82ccd6fac204047bc  9.1/RPMS/apache-1.3.27-8.1.91mdk.i586.rpm
 61cde3633d0866c6f03e29565ea56360 
 9.1/RPMS/apache-devel-1.3.27-8.1.91mdk.i586.rpm
 e58a9378cff2e24bcbfe6c56d08f2505 
 9.1/RPMS/apache-modules-1.3.27-8.1.91mdk.i586.rpm
 4b47d0bc773d59a17d5a40f627569707 
 9.1/RPMS/apache-source-1.3.27-8.1.91mdk.i586.rpm
 c780a92fd6dbb3cdd0d52049c534778f  9.1/RPMS/apache2-2.0.47-1.6.91mdk.i586.rpm
 41e7366c6dfa0331ed48027e3a2dd881 
 9.1/RPMS/apache2-common-2.0.47-1.6.91mdk.i586.rpm
 230d990186ca121121bbc4e1720afb3d 
 9.1/RPMS/apache2-devel-2.0.47-1.6.91mdk.i586.rpm
 36894b37c5eb5dfa628f6a2fe3de5580 
 9.1/RPMS/apache2-manual-2.0.47-1.6.91mdk.i586.rpm
 76e8293d061a84d9413453e1d6c282b6 
 9.1/RPMS/apache2-mod_dav-2.0.47-1.6.91mdk.i586.rpm
 bb106f0ebd893e4547ef3f0a6d1572f9 
 9.1/RPMS/apache2-mod_ldap-2.0.47-1.6.91mdk.i586.rpm
 17003f2c15c2379275caf21fe097c7a9 
 9.1/RPMS/apache2-mod_ssl-2.0.47-1.6.91mdk.i586.rpm
 d595f9e2c94b646869087a15e8138a44 
 9.1/RPMS/apache2-modules-2.0.47-1.6.91mdk.i586.rpm
 b119835d0d18b01613e7977f4daa7a38 
 9.1/RPMS/apache2-source-2.0.47-1.6.91mdk.i586.rpm
 7c3b7fc1bed6ed59b8a328d8ac3b3056  9.1/RPMS/libapr0-2.0.47-1.6.91mdk.i586.rpm
 a187d7819937e82deea23da621f38ee5  9.1/SRPMS/apache-1.3.27-8.1.91mdk.src.rpm
 31a46639efb035b67ea3b70f91815d9b  9.1/SRPMS/apache2-2.0.47-1.6.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 6cf015976106eaaa8bdbfb46501c5339  ppc/9.1/RPMS/apache-1.3.27-8.1.91mdk.ppc.rpm
 41f85b24716c140bdd5f041200d6f68c 
 ppc/9.1/RPMS/apache-devel-1.3.27-8.1.91mdk.ppc.rpm
 12ea7768f27c739f433f8cd856e8f3ed 
 ppc/9.1/RPMS/apache-modules-1.3.27-8.1.91mdk.ppc.rpm
 8ddfdeb72fe3058ae83076ad00b184c4 
 ppc/9.1/RPMS/apache-source-1.3.27-8.1.91mdk.ppc.rpm
 7ecb812bb84877964bd0244527042b7c 
 ppc/9.1/RPMS/apache2-2.0.47-1.6.91mdk.ppc.rpm
 df9dbdcaf995332bc2950f3b64e0b5cd 
 ppc/9.1/RPMS/apache2-common-2.0.47-1.6.91mdk.ppc.rpm
 7efb7e7271527bef25ac76c017cf940f 
 ppc/9.1/RPMS/apache2-devel-2.0.47-1.6.91mdk.ppc.rpm
 46e0066408b8c9c2f537315b9d7de495 
 ppc/9.1/RPMS/apache2-manual-2.0.47-1.6.91mdk.ppc.rpm
 832793eba23c7f55544ade7478d66971 
 ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.6.91mdk.ppc.rpm
 1338474c76c753216f024f6df189a369 
 ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.6.91mdk.ppc.rpm
 2f1fc4f54067d4ed4e13a24de93ac2b2 
 ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.6.91mdk.ppc.rpm
 c9e89384dced046092fb96e3f4c71cd3 
 ppc/9.1/RPMS/apache2-modules-2.0.47-1.6.91mdk.ppc.rpm
 893a388ffd122c25b021ccaedcaf3bc8 
 ppc/9.1/RPMS/apache2-source-2.0.47-1.6.91mdk.ppc.rpm
 8797a894c157099d8fa59e0ee6a09725 
 ppc/9.1/RPMS/libapr0-2.0.47-1.6.91mdk.ppc.rpm
 a187d7819937e82deea23da621f38ee5 
 ppc/9.1/SRPMS/apache-1.3.27-8.1.91mdk.src.rpm
 31a46639efb035b67ea3b70f91815d9b 
 ppc/9.1/SRPMS/apache2-2.0.47-1.6.91mdk.src.rpm

 Mandrake Linux 9.2:
 87b439a1ea3c7a53ae6bd65b8de8823d  9.2/RPMS/apache-1.3.28-3.1.92mdk.i586.rpm
 a7dd2cfc0f24e74285756df47b8b2560 
 9.2/RPMS/apache-devel-1.3.28-3.1.92mdk.i586.rpm
 e9396a1d140c37ed3c54c9fc8946b075 
 9.2/RPMS/apache-modules-1.3.28-3.1.92mdk.i586.rpm
 59f841c1809a057b7db9809f98902e2a 
 9.2/RPMS/apache-source-1.3.28-3.1.92mdk.i586.rpm
 67ea76c94fd96d4b58902f347e7424a4  9.2/RPMS/apache2-2.0.47-6.3.92mdk.i586.rpm
 57972c71c8489d0a3c9a68185031b879 
 9.2/RPMS/apache2-common-2.0.47-6.3.92mdk.i586.rpm
 3f3fb3d57b63cc56df9d6c7318a7cac5 
 9.2/RPMS/apache2-devel-2.0.47-6.3.92mdk.i586.rpm
 cea519816faccd534f542965fbbf9d15 
 9.2/RPMS/apache2-manual-2.0.47-6.3.92mdk.i586.rpm
 8d591555255d4348900fcd1bbc74061e 
 9.2/RPMS/apache2-mod_cache-2.0.47-6.3.92mdk.i586.rpm
 0e1fbe572782f546b44054a0265ea06e 
 9.2/RPMS/apache2-mod_dav-2.0.47-6.3.92mdk.i586.rpm
 3421ea0f95a7d897d9d339bf6e3aae33 
 9.2/RPMS/apache2-mod_deflate-2.0.47-6.3.92mdk.i586.rpm
 46bec7aa9274f16aa9768aa6ffec0cb5 
 9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.3.92mdk.i586.rpm
 d343b2d6a22f52a2ff5dd2844005c0f2 
 9.2/RPMS/apache2-mod_file_cache-2.0.47-6.3.92mdk.i586.rpm
 8f6b81b7933f766fc979254f4ce3b83c 
 9.2/RPMS/apache2-mod_ldap-2.0.47-6.3.92mdk.i586.rpm
 fedeaeb50040b8292f5b4da2cb27fc4e 
 9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.3.92mdk.i586.rpm
 63774164ba26208b71a2a7a5f5136550 
 9.2/RPMS/apache2-mod_proxy-2.0.47-6.3.92mdk.i586.rpm
 0399f23f2c87e07d18bb98617c79f24c 
 9.2/RPMS/apache2-mod_ssl-2.0.47-6.3.92mdk.i586.rpm
 36e47d1f2ba0a23d6c1055fe6f606134 
 9.2/RPMS/apache2-modules-2.0.47-6.3.92mdk.i586.rpm
 1af39eba2fff3635a323dfec02a333fb 
 9.2/RPMS/apache2-source-2.0.47-6.3.92mdk.i586.rpm
 4b7d2788a521162aa67237db2dbc0c3d  9.2/RPMS/libapr0-2.0.47-6.3.92mdk.i586.rpm
 e6603582c732931d8c8186547eee702d  9.2/SRPMS/apache-1.3.28-3.1.92mdk.src.rpm
 6407cf397b65ebf7b66554d7a1445489  9.2/SRPMS/apache2-2.0.47-6.3.92mdk.src.rpm

 Multi Network Firewall 8.2:
 4ae3471596b2301da8062c38e7406c38 
 mnf8.2/RPMS/apache-1.3.23-4.3.M82mdk.i586.rpm
 fd001d68be7fc7086ca7493da05db4f0 
 mnf8.2/RPMS/apache-common-1.3.23-4.3.M82mdk.i586.rpm
 b7776aac2533499a79c820d0097187a0 
 mnf8.2/RPMS/apache-modules-1.3.23-4.3.M82mdk.i586.rpm
 98df8da770fe4b3ede43e4af4e9de067 
 mnf8.2/SRPMS/apache-1.3.23-4.3.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/pu8lmqjQ0CJFipgRAkziAJ9NZx+harn15u3ZByaE6RMMKasl5wCeNRcq
iM5sSfISyCmb1GE8szE+aZM=
=qcI3
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung