Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities
From: Mandriva Security Team <xsecurity () mandriva com>
Date: Fri, 06 Jan 2006 19:28:00 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:009
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : apache2-mod_auth_pgsql
 Date    : January 6, 2006
 Affected: 10.1, 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 iDefense discovered several format string vulnerabilities in the way
 that mod_auth_pgsql logs information which could potentially be used
 by a remote attacker to execute arbitrary code as the apache user if
 mod_auth_pgsql is used for user authentication.
 
 The provided packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3656
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 5fd1e2329146f2c03845fe516acaa123  10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.i586.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 631ed3b26fddd6f5198d4a33aa31326c  x86_64/10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.x86_64.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  x86_64/10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

 Mandriva Linux 10.2:
 477fd516e48926f13a66cc0a92366598  10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.i586.rpm
 12baf2fcd6739141f29c4f6000f83e28  10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 7d5ba837da8f1681587c431fe219f9fa  x86_64/10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.x86_64.rpm
 12baf2fcd6739141f29c4f6000f83e28  x86_64/10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 abe116d3afce2e1dd6c29a4a922ecf0a  2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.i586.rpm
 c6755d865f6de4cf51a9f6918798aafc  2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a8e95a35a1eda50cc392193496c15721  x86_64/2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.x86_64.rpm
 c6755d865f6de4cf51a9f6918798aafc  x86_64/2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDvvqymqjQ0CJFipgRAl5jAJwInb6yP+dO/9iXRdSeJxETV3Li+wCg7glF
tYByE5LQ2FHucxwe8fXvt2A=
=DB3Z
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities Mandriva Security Team (Jan 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]