Full Disclosure mailing list archives

MDKSA-2004:135 - Updated apache2 packages fix request DoS
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 17 Nov 2004 16:41:50 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache2
 Advisory ID:            MDKSA-2004:135
 Date:                   November 15th, 2004

 Affected versions:      10.0, 10.1, 9.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan
 Trivedi; he found that by sending a large amount of specially-
 crafted HTTP GET requests, a remote attacker could cause a Denial of
 Service on the httpd server.  This vulnerability is due to improper
 enforcement of the field length limit in the header-parsing code.
 
 The updated packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
  http://xforce.iss.net/xforce/xfdb/17930
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 f59e6d0fc8c92b3ac3d8b39635da3633  10.0/RPMS/apache2-2.0.48-6.8.100mdk.i586.rpm
 5592a7be4c4127538a5e0abaf56ddd3d  10.0/RPMS/apache2-common-2.0.48-6.8.100mdk.i586.rpm
 c593e119362b4987861ba3e60eadc8d6  10.0/RPMS/apache2-devel-2.0.48-6.8.100mdk.i586.rpm
 623e060906c1d42d0b163edc0a3da720  10.0/RPMS/apache2-manual-2.0.48-6.8.100mdk.i586.rpm
 45d7ea390fa297e75890745152d7e5ab  10.0/RPMS/apache2-mod_cache-2.0.48-6.8.100mdk.i586.rpm
 29f52c3ebd003e2f40b93ebfb9232eb1  10.0/RPMS/apache2-mod_dav-2.0.48-6.8.100mdk.i586.rpm
 e10251cb9284c3608246562436dbb810  10.0/RPMS/apache2-mod_deflate-2.0.48-6.8.100mdk.i586.rpm
 bbafb2da31fc4f74e0f50daf3837e980  10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.8.100mdk.i586.rpm
 b4e0fc5f44800be9f533f49b02df98d1  10.0/RPMS/apache2-mod_file_cache-2.0.48-6.8.100mdk.i586.rpm
 165ea1b87ebdcb354104119151ef3224  10.0/RPMS/apache2-mod_ldap-2.0.48-6.8.100mdk.i586.rpm
 d520e26d61f087fa1fb5a883bc91b55a  10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.8.100mdk.i586.rpm
 fcd79d7f5311613a55bc7d93a3065bb7  10.0/RPMS/apache2-mod_proxy-2.0.48-6.8.100mdk.i586.rpm
 93b11dfa47fd2f50be4aa031ce5e5d31  10.0/RPMS/apache2-mod_ssl-2.0.48-6.8.100mdk.i586.rpm
 2a5b02bf2b63f56912939f1fd9c690c9  10.0/RPMS/apache2-modules-2.0.48-6.8.100mdk.i586.rpm
 d05928f34f67f97d5299933147005c80  10.0/RPMS/apache2-source-2.0.48-6.8.100mdk.i586.rpm
 658a009f02e56daf3ae70ab8eec58da4  10.0/RPMS/libapr0-2.0.48-6.8.100mdk.i586.rpm
 8de7f690532038f5efd72c8527d38c4d  10.0/SRPMS/apache2-2.0.48-6.8.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 e7804f074b0dc2801990fc0aef753e54  amd64/10.0/RPMS/apache2-2.0.48-6.8.100mdk.amd64.rpm
 c80dba0761efacb3798021b22de8ec2b  amd64/10.0/RPMS/apache2-common-2.0.48-6.8.100mdk.amd64.rpm
 2a14dfc90d7e4dbbe3ec346608996211  amd64/10.0/RPMS/apache2-devel-2.0.48-6.8.100mdk.amd64.rpm
 85755952a6b394088e1951b7156fb2ca  amd64/10.0/RPMS/apache2-manual-2.0.48-6.8.100mdk.amd64.rpm
 4ff901cbf27d7c931f5b0a66a89cd994  amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.8.100mdk.amd64.rpm
 9ec303b8c3b4c35be1ff7c0fce9d3792  amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.8.100mdk.amd64.rpm
 6fe45b12fc46724d194bebba4b2f6204  amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.8.100mdk.amd64.rpm
 b62d04892bfc7a13aa871c7756069ec5  amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.8.100mdk.amd64.rpm
 ca66b434e16a47350fdb8705874e8f4b  amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.8.100mdk.amd64.rpm
 684c7bc97456a5c2253883254766561f  amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.8.100mdk.amd64.rpm
 3b7bf8878063d12e0ad475cdb79f3102  amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.8.100mdk.amd64.rpm
 116fd17e52822ab212399eb5cdc1f664  amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.8.100mdk.amd64.rpm
 a0e901e05ec786161ab047c2392318dd  amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.8.100mdk.amd64.rpm
 5beaaaf7d348acfd0fb2f78a06982798  amd64/10.0/RPMS/apache2-modules-2.0.48-6.8.100mdk.amd64.rpm
 2613e81648633bbbc10f884f1abadb72  amd64/10.0/RPMS/apache2-source-2.0.48-6.8.100mdk.amd64.rpm
 457c1e2e15d1928c4a21448d3a61eb79  amd64/10.0/RPMS/lib64apr0-2.0.48-6.8.100mdk.amd64.rpm
 8de7f690532038f5efd72c8527d38c4d  amd64/10.0/SRPMS/apache2-2.0.48-6.8.100mdk.src.rpm

 Mandrakelinux 10.1:
 16039f8491bf2fbdd238978e6363d2a9  10.1/RPMS/apache2-2.0.50-7.2.101mdk.i586.rpm
 4d6b79af111ab3dafd8329c7bd67fc14  10.1/RPMS/apache2-common-2.0.50-7.2.101mdk.i586.rpm
 8dea7dc4b57de4f20bd355c93253473b  10.1/RPMS/apache2-devel-2.0.50-7.2.101mdk.i586.rpm
 011decc40287db6e6a379cb341c59919  10.1/RPMS/apache2-manual-2.0.50-7.2.101mdk.i586.rpm
 e1e52e7fb5f230e4048933e564b323ed  10.1/RPMS/apache2-mod_cache-2.0.50-7.2.101mdk.i586.rpm
 958306ad451ffc8421cc3efa8c659de0  10.1/RPMS/apache2-mod_dav-2.0.50-7.2.101mdk.i586.rpm
 d0863e950273d41fd57a4fa64f18eb7e  10.1/RPMS/apache2-mod_deflate-2.0.50-7.2.101mdk.i586.rpm
 78dc9759a7eee64ee61f2fd986eb432f  10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.2.101mdk.i586.rpm
 029950eaf6594273de25983c6bee9072  10.1/RPMS/apache2-mod_file_cache-2.0.50-7.2.101mdk.i586.rpm
 dccac914196bd561e922b1cebc0a6a7f  10.1/RPMS/apache2-mod_ldap-2.0.50-7.2.101mdk.i586.rpm
 2a7e89547db4b274577a034bb6867e08  10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.2.101mdk.i586.rpm
 8bbe293404cc0994473dd0aa7365998d  10.1/RPMS/apache2-mod_proxy-2.0.50-7.2.101mdk.i586.rpm
 1d1b03966960ce3394f6b3194ca3dc41  10.1/RPMS/apache2-modules-2.0.50-7.2.101mdk.i586.rpm
 c87789fffe89c9981c3291b6a35a1e05  10.1/RPMS/apache2-source-2.0.50-7.2.101mdk.i586.rpm
 089e5a780b8f5e4865a7cbe793eeeddf  10.1/RPMS/apache2-worker-2.0.50-7.2.101mdk.i586.rpm
 02d809e58f808c057d785ef4f3f21c14  10.1/SRPMS/apache2-2.0.50-7.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 4fe0c117b8cac54079608155b81c224d  x86_64/10.1/RPMS/apache2-2.0.50-7.2.101mdk.x86_64.rpm
 24efba0385e75945e5a8ae15890bd77c  x86_64/10.1/RPMS/apache2-common-2.0.50-7.2.101mdk.x86_64.rpm
 472d4e2cbb9fcaafd7ebd863a6cc89bd  x86_64/10.1/RPMS/apache2-devel-2.0.50-7.2.101mdk.x86_64.rpm
 ef8986383f71285fd0ec58a0ca93280b  x86_64/10.1/RPMS/apache2-manual-2.0.50-7.2.101mdk.x86_64.rpm
 c74a80012899ceeacbb7d047cd2dbe8d  x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.2.101mdk.x86_64.rpm
 be2295b2379419fdc9a03cf6e23a3aab  x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.2.101mdk.x86_64.rpm
 46ee547ae1c7cd611ded4a5601d51863  x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.2.101mdk.x86_64.rpm
 35a7619d714a5c77d890efe53106ccbf  x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.2.101mdk.x86_64.rpm
 6bb3e3b81f7f23dd21a22d0a53d434a4  x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.2.101mdk.x86_64.rpm
 4f669ee2e99a5276fe0bd5d6abff4af2  x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.2.101mdk.x86_64.rpm
 1d9c7818cb5f12124c8bba86d834fab4  x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.2.101mdk.x86_64.rpm
 de17aaf377740cba7c9aff49cb65a2c3  x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.2.101mdk.x86_64.rpm
 e0ae0791e22f3152f7d072545cfb650c  x86_64/10.1/RPMS/apache2-modules-2.0.50-7.2.101mdk.x86_64.rpm
 7c7559306af15dd4099b378a62831fd2  x86_64/10.1/RPMS/apache2-source-2.0.50-7.2.101mdk.x86_64.rpm
 44c0eb326c9ab8079daad071b1c4b7d8  x86_64/10.1/RPMS/apache2-worker-2.0.50-7.2.101mdk.x86_64.rpm
 02d809e58f808c057d785ef4f3f21c14  x86_64/10.1/SRPMS/apache2-2.0.50-7.2.101mdk.src.rpm

 Mandrakelinux 9.2:
 81e826dbbb53f1afd028aaf942ef34fa  9.2/RPMS/apache2-2.0.47-6.12.92mdk.i586.rpm
 5eb09aa53c4797127dcaff29a51466e1  9.2/RPMS/apache2-common-2.0.47-6.12.92mdk.i586.rpm
 4ae975b3a71f235f571a9416669d33cc  9.2/RPMS/apache2-devel-2.0.47-6.12.92mdk.i586.rpm
 aeead62b4b1cde7856abb59973de12f3  9.2/RPMS/apache2-manual-2.0.47-6.12.92mdk.i586.rpm
 e507fd59b128eb7695de8e48266856f1  9.2/RPMS/apache2-mod_cache-2.0.47-6.12.92mdk.i586.rpm
 a587b79ba673bce2e861983974326401  9.2/RPMS/apache2-mod_dav-2.0.47-6.12.92mdk.i586.rpm
 67f29703706ea7186b736557b587b479  9.2/RPMS/apache2-mod_deflate-2.0.47-6.12.92mdk.i586.rpm
 9cea90e1f78d730ef2f642156b21e342  9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.12.92mdk.i586.rpm
 fb984479331fcdffdd99e7fc6a7171e8  9.2/RPMS/apache2-mod_file_cache-2.0.47-6.12.92mdk.i586.rpm
 a60783a916377523c30beee23e89fd71  9.2/RPMS/apache2-mod_ldap-2.0.47-6.12.92mdk.i586.rpm
 6bb69cbc91edcc26bfc75db3be69ac24  9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.12.92mdk.i586.rpm
 2fd2cb92a11e721263a13acc1a060335  9.2/RPMS/apache2-mod_proxy-2.0.47-6.12.92mdk.i586.rpm
 7c378068f81b284dedf9da276316e2cd  9.2/RPMS/apache2-mod_ssl-2.0.47-6.12.92mdk.i586.rpm
 dd88112fed3c6f8685b6d189d2dd9fef  9.2/RPMS/apache2-modules-2.0.47-6.12.92mdk.i586.rpm
 2822ffc39d200625a4c6ee5b8a82e955  9.2/RPMS/apache2-source-2.0.47-6.12.92mdk.i586.rpm
 97506f5f8cdddc345fad3e0b3b9d0114  9.2/RPMS/libapr0-2.0.47-6.12.92mdk.i586.rpm
 c91e0454eab442bde69f34e7758ad5e3  9.2/SRPMS/apache2-2.0.47-6.12.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 ffdc84af32a7b7899d59ff8dfc307091  amd64/9.2/RPMS/apache2-2.0.47-6.12.92mdk.amd64.rpm
 4599284dcff811b2f020a9cf9165b738  amd64/9.2/RPMS/apache2-common-2.0.47-6.12.92mdk.amd64.rpm
 f3e1196c739fd7d5480b0feb035e39d3  amd64/9.2/RPMS/apache2-devel-2.0.47-6.12.92mdk.amd64.rpm
 b7be6cec985f47da1a5e13235a7fe936  amd64/9.2/RPMS/apache2-manual-2.0.47-6.12.92mdk.amd64.rpm
 c28fc0911d0ce71f2ab7acbd2d2fffaa  amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.12.92mdk.amd64.rpm
 9cd863be9bf4d75d95e9fba6470fb201  amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.12.92mdk.amd64.rpm
 799fc0969241847ee7a1c2de1b00863c  amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.12.92mdk.amd64.rpm
 085a637a70c683a1d5b9bdca1db4aab5  amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.12.92mdk.amd64.rpm
 277f9fe3f0a3c4ae97339b5a7a601d00  amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.12.92mdk.amd64.rpm
 ebd239d0bcf564be6f3f72182220129b  amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.12.92mdk.amd64.rpm
 5212481a4e767c166514388454d6736f  amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.12.92mdk.amd64.rpm
 37af1d940d37958526585657b00e0828  amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.12.92mdk.amd64.rpm
 493f6ea8512ecb0591ca529ed0d322ee  amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.12.92mdk.amd64.rpm
 da5c26d25fbada62a6059d09617ea47a  amd64/9.2/RPMS/apache2-modules-2.0.47-6.12.92mdk.amd64.rpm
 b1ddbf6124a02e0174b0090d39488496  amd64/9.2/RPMS/apache2-source-2.0.47-6.12.92mdk.amd64.rpm
 cd73c4d51a0b3694b943f231156dceca  amd64/9.2/RPMS/lib64apr0-2.0.47-6.12.92mdk.amd64.rpm
 c91e0454eab442bde69f34e7758ad5e3  amd64/9.2/SRPMS/apache2-2.0.47-6.12.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBm39OmqjQ0CJFipgRAunbAJ43VXKSFHuI6vsxi+KmNHHho30yOwCfYFTq
gHEToqoAA9nABdJsligZpsg=
=oVcK
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
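
The advisory says MandrakeUpdate and urpmi check the md5 checksums automatically. For packages fetched by hand, the same check can be made against the "Updated Packages" list above; the following is an added example, not part of the original advisory or of any Mandrakesoft tool. The function names and the stand-in files in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Advisory layout: a "Mandrakelinux <release>:" heading, then lines of
# "<32 hex digits>  <relative path to .rpm>".
RELEASE = re.compile(r"^\s*(Mandrakelinux \S+):\s*$")
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_advisory(text):
    """Return {release: {rpm file name: md5 hex digest}}."""
    table, release = {}, None
    for line in text.splitlines():
        heading, entry = RELEASE.match(line), ENTRY.match(line)
        if heading:
            release = heading.group(1)
            table[release] = {}
        elif entry and release is not None:
            table[release][Path(entry.group(2)).name] = entry.group(1)
    return table

def md5_of(path):
    """Hash a file in chunks so large packages are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(directory, expected):
    """Map each expected package to 'ok', 'mismatch' or 'missing'."""
    status = {}
    for name, want in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            status[name] = "missing"
        else:
            status[name] = "ok" if md5_of(path) == want else "mismatch"
    return status

def demo():
    """Run against constructed stand-in files, not real packages."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "demo-a-1.0.i586.rpm").write_bytes(b"constructed package a")
        Path(tmp, "demo-b-1.0.i586.rpm").write_bytes(b"altered in transit")
        advisory = "\n".join([
            " Mandrakelinux 10.0:",
            " %s  10.0/RPMS/demo-a-1.0.i586.rpm" % hashlib.md5(b"constructed package a").hexdigest(),
            " %s  10.0/RPMS/demo-b-1.0.i586.rpm" % hashlib.md5(b"constructed package b").hexdigest(),
            " %s  10.0/SRPMS/demo-1.0.src.rpm" % ("0" * 32),
        ])
        return verify(tmp, parse_advisory(advisory)["Mandrakelinux 10.0"])
```

The checksums are only as trustworthy as the message that carries them, so the advisory's PGP signature should be checked (for example with `gpg --verify` on the saved message) before its checksum list is used.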

