Updated apache2 packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: apache2
Advisory ID: MDKSA-2005:129
Date: August 3rd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Multi Network Firewall 2.0
______________________________________________________________________
Problem Description:
Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CAN-2005-1268).
Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CAN-2005-2088).
The updated packages have been patched to prevent these issues.
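The framing ambiguity behind CAN-2005-2088, as an added example (not part of the Mandriva advisory and not the Apache patch): a check a proxy or log pipeline can run to flag requests carrying both headers and to show how far the two readings of the body diverge. All function names are hypothetical, the sample requests are constructed, and the normalisation follows the rule later written into RFC 7230 section 3.3.3 (Transfer-Encoding overrides, Content-Length is removed before forwarding).

```python
import re

DIGITS = re.compile(r"[0-9]+")
HEX = re.compile(rb"[0-9A-Fa-f]+")
TE_AND_CL = "both Content-Length and Transfer-Encoding present"

# Constructed sample requests (not captured traffic).
AMBIGUOUS = (b"POST /form HTTP/1.1\r\nHost: backend.example\r\n"
             b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"5\r\nhello\r\n0\r\n\r\n")
CLEAN = (b"POST /form HTTP/1.1\r\nHost: backend.example\r\n"
         b"Content-Length: 5\r\n\r\nhello")


def split_request(raw):
    """Return (request_line, [(lowercased name, value)], body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # Whitespace around the name is a known source of parser disagreement.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.decode("ascii").lower(),
                        value.strip().decode("latin-1")))
    return lines[0].decode("latin-1"), headers, body


def _values(headers, name):
    return [v for n, v in headers if n == name]


def framing_issues(headers):
    """List the reasons the body length of this request is ambiguous."""
    cl = _values(headers, "content-length")
    te = _values(headers, "transfer-encoding")
    issues = []
    if cl and te:
        issues.append(TE_AND_CL)
    if len(set(cl)) > 1:
        issues.append("conflicting Content-Length values")
    if any(not DIGITS.fullmatch(v) for v in cl):
        issues.append("non-numeric Content-Length")
    return issues


def chunked_extent(body):
    """Bytes consumed when the body is read as chunked (trailers unsupported)."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        token = body[pos:eol].split(b";")[0]
        if not HEX.fullmatch(token):
            raise ValueError("bad chunk size")
        size, pos = int(token, 16), eol + 2
        if size == 0:
            if body[pos:pos + 2] != b"\r\n":
                raise ValueError("missing final CRLF")
            return pos + 2
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        pos += size + 2


def framing_views(headers, body):
    """Body length as seen by a Content-Length reader and by a chunked reader."""
    views = {}
    cl = _values(headers, "content-length")
    te = _values(headers, "transfer-encoding")
    if cl and DIGITS.fullmatch(cl[0]):
        views["content-length"] = int(cl[0])
    if te and te[-1].split(",")[-1].strip().lower() == "chunked":
        views["chunked"] = chunked_extent(body)
    return views


def normalize_for_upstream(headers, strict=False):
    """Drop Content-Length when Transfer-Encoding is present; reject the rest."""
    issues = framing_issues(headers)
    if not issues:
        return list(headers)
    if strict or issues != [TE_AND_CL]:
        raise ValueError("; ".join(issues))
    return [(n, v) for n, v in headers if n != "content-length"]


if __name__ == "__main__":
    for label, raw in (("ambiguous", AMBIGUOUS), ("clean", CLEAN)):
        _, hdrs, body = split_request(raw)
        print(label, framing_issues(hdrs), framing_views(hdrs, body))
```

When the two values returned by framing_views differ, the front end and the back end disagree about where the request ends, which is the condition the advisory describes.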
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com