Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2009:102 ] apache
From: security () mandriva com
Date: Fri, 01 May 2009 15:37:01 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:102
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache
 Date    : April 30, 2009
 Affected: 2009.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in apache:
 
 mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server
 2.2.11 allows remote attackers to obtain sensitive response data,
 intended for a client that sent an earlier POST request with no
 request body, via an HTTP request (CVE-2009-1191).
 
 This update provides fixes for that vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 84173d7808395e9764cf8a6bf73518b1  2009.1/i586/apache-base-2.2.11-10.1mdv2009.1.i586.rpm
 cf5436765525b3adc826daa5bc210ab5  2009.1/i586/apache-devel-2.2.11-10.1mdv2009.1.i586.rpm
 05da7f68e46c4314dccf1391f3e575d6  2009.1/i586/apache-htcacheclean-2.2.11-10.1mdv2009.1.i586.rpm
 a78717a71f2aeffc488b4a79e0f13a5c  2009.1/i586/apache-mod_authn_dbd-2.2.11-10.1mdv2009.1.i586.rpm
 d82c899d917a0432093a95a7994f3212  2009.1/i586/apache-mod_cache-2.2.11-10.1mdv2009.1.i586.rpm
 6286f9a46a5cf1c69389020f2b8f1ba9  2009.1/i586/apache-mod_dav-2.2.11-10.1mdv2009.1.i586.rpm
 f84e50430736a059f89036436cf093d0  2009.1/i586/apache-mod_dbd-2.2.11-10.1mdv2009.1.i586.rpm
 aa900c2245dda03318a50d1950466e70  2009.1/i586/apache-mod_deflate-2.2.11-10.1mdv2009.1.i586.rpm
 d7613d9f701996918b2e612b2f9945ce  2009.1/i586/apache-mod_disk_cache-2.2.11-10.1mdv2009.1.i586.rpm
 1584026aec3bb46e5a277d8c239d5cc4  2009.1/i586/apache-mod_file_cache-2.2.11-10.1mdv2009.1.i586.rpm
 85c01c35c9a10050d03c83fab0cc7b07  2009.1/i586/apache-mod_ldap-2.2.11-10.1mdv2009.1.i586.rpm
 dd3fe1449025622ee3bde812643c60cd  2009.1/i586/apache-mod_mem_cache-2.2.11-10.1mdv2009.1.i586.rpm
 3786880d703cea5a5a5e035318b63918  2009.1/i586/apache-mod_proxy-2.2.11-10.1mdv2009.1.i586.rpm
 b56fc78a2da3de576c685b641f8d620a  2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.1mdv2009.1.i586.rpm
 9cffd8c0587a34aa2d513aed57bccf07  2009.1/i586/apache-mod_ssl-2.2.11-10.1mdv2009.1.i586.rpm
 47891fcaefd8f5b22ab707353f3b8192  2009.1/i586/apache-modules-2.2.11-10.1mdv2009.1.i586.rpm
 0c3dcb4931fe01468275ec0e05a30595  2009.1/i586/apache-mod_userdir-2.2.11-10.1mdv2009.1.i586.rpm
 7eb07e1ae40b4d790275a96da9c0c40b  2009.1/i586/apache-mpm-event-2.2.11-10.1mdv2009.1.i586.rpm
 58b7e5edbee5510b2269ddbe051ea72a  2009.1/i586/apache-mpm-itk-2.2.11-10.1mdv2009.1.i586.rpm
 4bfbe7ff2ee129eb7acceff9ae92223d  2009.1/i586/apache-mpm-peruser-2.2.11-10.1mdv2009.1.i586.rpm
 4f282324726b702b83c101c718c6c5ce  2009.1/i586/apache-mpm-prefork-2.2.11-10.1mdv2009.1.i586.rpm
 3bfc7be3fc27b1b1c488092c609b31e9  2009.1/i586/apache-mpm-worker-2.2.11-10.1mdv2009.1.i586.rpm
 6acf6841d772e23440f83bd89ebf49ea  2009.1/i586/apache-source-2.2.11-10.1mdv2009.1.i586.rpm 
 1715fdb5dce7fd4b93c47c11e045d5ea  2009.1/SRPMS/apache-2.2.11-10.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 da7e1a2f61449581eb6472909c405554  2009.1/x86_64/apache-base-2.2.11-10.1mdv2009.1.x86_64.rpm
 370cd6bc3b5dddbe096c292d6c64b2a8  2009.1/x86_64/apache-devel-2.2.11-10.1mdv2009.1.x86_64.rpm
 0d40fd7ad65adf7ec4bce90d70b6cca1  2009.1/x86_64/apache-htcacheclean-2.2.11-10.1mdv2009.1.x86_64.rpm
 43b68e253a37cd3c849a5611cafdd3f4  2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.1mdv2009.1.x86_64.rpm
 fdd3942faeb19f783522485602d02aa5  2009.1/x86_64/apache-mod_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
 4b1582292c86fb24d3012b9ec01f6b33  2009.1/x86_64/apache-mod_dav-2.2.11-10.1mdv2009.1.x86_64.rpm
 84f82788780a7a2143c47b902918b495  2009.1/x86_64/apache-mod_dbd-2.2.11-10.1mdv2009.1.x86_64.rpm
 d8da90b82dad28ffb6d08a37a3801623  2009.1/x86_64/apache-mod_deflate-2.2.11-10.1mdv2009.1.x86_64.rpm
 fb760b8890ced968acaae0c97e7ebe29  2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
 57508bfeff839917bd2840d88f1e7242  2009.1/x86_64/apache-mod_file_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
 ec39a0800645bb3c2e70b6433f3be014  2009.1/x86_64/apache-mod_ldap-2.2.11-10.1mdv2009.1.x86_64.rpm
 03b1273fec51287c89eb728320865413  2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
 a47cd7dafa57ae146f3ef62f152ed652  2009.1/x86_64/apache-mod_proxy-2.2.11-10.1mdv2009.1.x86_64.rpm
 4cca6e597f9b42dc8df2d322abfef052  2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.1mdv2009.1.x86_64.rpm
 54b731a8732163081ef52005720bc10b  2009.1/x86_64/apache-mod_ssl-2.2.11-10.1mdv2009.1.x86_64.rpm
 8574d616adb823ab1204b3175a6d187c  2009.1/x86_64/apache-modules-2.2.11-10.1mdv2009.1.x86_64.rpm
 8da6f834e5dc5994acb5e21dde9db5ca  2009.1/x86_64/apache-mod_userdir-2.2.11-10.1mdv2009.1.x86_64.rpm
 cc7b72ebb9cb262b8650a77e2d231454  2009.1/x86_64/apache-mpm-event-2.2.11-10.1mdv2009.1.x86_64.rpm
 d44150c74bf7b5962942ef15b465e99f  2009.1/x86_64/apache-mpm-itk-2.2.11-10.1mdv2009.1.x86_64.rpm
 c39db13bb76acb414c2baae91f9a1261  2009.1/x86_64/apache-mpm-peruser-2.2.11-10.1mdv2009.1.x86_64.rpm
 b32f61458288390688c852502b6e6a9b  2009.1/x86_64/apache-mpm-prefork-2.2.11-10.1mdv2009.1.x86_64.rpm
 a9433a9b6f4b84e9f22e7705e0addf35  2009.1/x86_64/apache-mpm-worker-2.2.11-10.1mdv2009.1.x86_64.rpm
 e8546ef348460ceb6e71633621fe203c  2009.1/x86_64/apache-source-2.2.11-10.1mdv2009.1.x86_64.rpm 
 1715fdb5dce7fd4b93c47c11e045d5ea  2009.1/SRPMS/apache-2.2.11-10.1mdv2009.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ+tDlmqjQ0CJFipgRAq01AJ9Xlvt3Mwp4NAjlsIa8wxqBBDCAEgCg7PVt
lVg6vojqNkzklOdABMiZxLc=
=qVOR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2009:102 ] apache security (May 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault