Mandriva Advisories

Package name: apache-mod_perl
Date: April 11th, 2007
Advisory ID: MDKSA-2007:083
Affected versions: CS3.0, 2006.0, 2007.0, CS4.0, 2007.1
Synopsis: Updated apache-mod_perl packages fix DoS vulnerability

Problem Description

PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm
in mod_perl 2.x, do not properly escape PATH_INFO before using it in a
regular expression, which allows remote attackers to cause a denial
of service (resource consumption) via a crafted URI.

Updated packages have been patched to correct this issue.
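
The escaping gap described above, shown as an added example in Perl (not the mod_perl source or the Mandriva patch); function names and sample values are constructed. It strips PATH_INFO from a URI with the value interpolated raw, with \Q...\E quoting, and with a regex-free substr comparison.

```perl
#!/usr/bin/perl
# Added illustration, not mod_perl source. Function names and the sample
# URI / PATH_INFO pairs are constructed for this example.
use strict;
use warnings;

# Before: PATH_INFO is interpolated as regex syntax, so the request
# decides what pattern the server compiles and runs.
sub strip_unescaped {
    my ($uri, $path_info) = @_;
    # eval traps the fatal error raised when the pattern does not compile
    my $ok = eval { $uri =~ s/$path_info$//; 1 };
    return $ok ? $uri : undef;
}

# After: \Q...\E applies quotemeta, so every character matches literally.
sub strip_escaped {
    my ($uri, $path_info) = @_;
    $uri =~ s/\Q$path_info\E$//;
    return $uri;
}

# Regex-free alternative: compare the suffix and cut it with substr.
sub strip_substr {
    my ($uri, $path_info) = @_;
    my $len = length $path_info;
    return $uri unless $len && $len <= length $uri;
    return substr($uri, -$len) eq $path_info
        ? substr($uri, 0, length($uri) - $len)
        : $uri;
}

my @cases = (
    [ '/perl/app.pl/extra/info', '/extra/info' ],  # no metacharacters
    [ '/perl/app.pl/a+b',        '/a+b'        ],  # '+' read as a quantifier
    [ '/perl/app.pl/x(',         '/x('         ],  # unbalanced '(' will not compile
);

for my $case (@cases) {
    my ($uri, $path_info) = @$case;
    printf "%-26s unescaped=%-20s escaped=%-14s substr=%s\n",
        $uri,
        strip_unescaped($uri, $path_info) // '(pattern error)',
        strip_escaped($uri, $path_info),
        strip_substr($uri, $path_info);
}
```

Only the first case gives the same result in all three columns; in the other two the raw interpolation either misses the literal suffix or fails to compile.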

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.