Mandriva Advisories

Package name: apache2
Date: September 8th, 2005
Advisory ID: MDKSA-2005:161
Affected versions: 10.0, 10.1, CS3.0, MNF2.0, 10.2
Synopsis: Updated apache2 packages to address multiple vulnerabilities

Problem Description

A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient"
directive. This flaw occurs if a virtual host is configured
using "SSLVerifyClient optional" and a directive "SSLVerifyClient
required" is set for a specific location. For servers configured in
this fashion, an attacker may be able to access resources that should
otherwise be protected, by not supplying a client certificate when
connecting. (CAN-2005-2700)
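As an added example (not part of the Mandriva advisory), the following Python audit flags the configuration pattern described above: a virtual host set to "SSLVerifyClient optional" that contains a per-location section demanding a client certificate. mod_ssl spells that per-location value `require`; the sample configuration, its addresses and the function name are constructed for illustration, and only the text passed in is inspected (included files and .htaccess are not followed).

```python
import re

# Constructed sample configuration (addresses and paths are illustrative).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
    SSLVerifyClient optional
    <Location /private>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost 192.0.2.20:443>
    SSLVerifyClient require
    <Location /public>
        SSLVerifyClient none
    </Location>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")
DIRECTIVE = re.compile(r"SSLVerifyClient\s+(\S+)", re.I)
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files", "filesmatch"}

def find_affected_pattern(conf_text):
    """Return (vhost, section) pairs: vhost-level 'optional' with a nested 'require'."""
    stack, findings, vhost = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack and stack.pop()[0] == "virtualhost":
                # Decide at </VirtualHost> so directive order does not matter.
                if vhost["level"] == "optional":
                    findings += [(vhost["name"], s) for s in vhost["require_in"]]
                vhost = None
        elif (m := OPEN.match(line)):
            name, arg = m.group(1).lower(), m.group(2).strip()
            stack.append((name, arg))
            if name == "virtualhost":
                vhost = {"name": arg, "level": None, "require_in": []}
        elif (m := DIRECTIVE.match(line)) and vhost is not None:
            value = m.group(1).lower()
            inner = [f"{n} {a}" for n, a in stack if n in PER_DIR]
            if not inner:
                vhost["level"] = value            # directive at virtual-host scope
            elif value == "require":
                vhost["require_in"].append(inner[-1])
    return findings
```

Any pair it returns identifies a server that should receive the updated mod_ssl package before the per-location restriction is relied on.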

A flaw was discovered in Apache httpd where the byterange filter would
buffer certain responses into memory. If a server has a dynamic
resource such as a CGI script or PHP script that generates a large
amount of data, an attacker could send carefully crafted requests in
order to consume resources, potentially leading to a Denial of Service.
(CAN-2005-2728)

The updated packages have been patched to address these issues.

Updated Packages

Mandrakelinux 10.0


Mandrakelinux 10.0/AMD64


Mandrakelinux 10.1


Mandrakelinux 10.1/X86_64


Corporate Server 3.0


Corporate Server 3.0/X86_64


Multi Network Firewall 2.0


Mandriva Linux LE2005


Mandriva Linux LE2005/X86_64


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.