Security 10816 Published by

MandrakeSoft has released updated versions of Apache 2 and cups for Mandrake Linux

Apache 2
Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.
Read more

cups
A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default)
Read more