Problem Description
Four security vulnerabilities were fixed with the 1.3.31 release of
Apache. All of these issues have been backported and applied to the
provided packages. Thanks to Ralf Engelschall of OpenPKG for providing
the patches.

Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences
from its error logs. This could make it easier for attackers to insert
those sequences into terminal emulators that contain vulnerabilities
related to escape sequence handling, when administrators use them to
view the error logs (CAN-2003-0020).
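
For logs written by an unpatched server, the same filtering can be applied when the file is read. The following is an added example, not Apache's code: it rewrites every byte outside printable ASCII as `\xHH` before display and reports which lines carried control bytes. The log lines and function names are constructed for illustration.

```python
import re

# Everything except printable ASCII is escaped. Backslash (0x5c) is escaped
# too, so a literal "\x1b" typed by a client cannot be confused with an
# escaped ESC byte. Bytes >= 0x80 are included because the 8-bit C1 range
# (for example CSI, 0x9b) is interpreted by some terminals; UTF-8 text is
# therefore escaped as well, which is the conservative choice for a viewer.
_UNSAFE = re.compile(rb"[^\x20-\x5b\x5d-\x7e]")
_CONTROL = re.compile(rb"[\x00-\x1f\x7f-\x9f]")  # C0, DEL and C1 controls

def escape_log_bytes(raw: bytes) -> str:
    """Return a rendering of one log line that is safe to print."""
    return _UNSAFE.sub(lambda m: b"\\x%02x" % m.group()[0], raw).decode("ascii")

def sanitize_log(data: bytes):
    """Return (safe_lines, flagged): flagged holds the 1-based numbers of
    lines that contained at least one control byte."""
    safe, flagged = [], []
    for number, line in enumerate(data.split(b"\n"), 1):
        if not line:
            continue
        if _CONTROL.search(line):
            flagged.append(number)
        safe.append(escape_log_bytes(line))
    return safe, flagged

# Constructed sample: line 2 carries a 7-bit ESC sequence (set colour),
# line 3 the 8-bit CSI form of the same sequence.
SAMPLE_LOG = (
    b"[Mon May 17 10:00:01 2004] [error] [client 192.0.2.10] "
    b"File does not exist: /var/www/html/favicon.ico\n"
    b"[Mon May 17 10:00:07 2004] [error] [client 192.0.2.77] "
    b"File does not exist: /var/www/html/\x1b[31mx\n"
    b"[Mon May 17 10:00:09 2004] [error] [client 192.0.2.77] "
    b"File does not exist: /var/www/html/\x9b31mx\n"
)

if __name__ == "__main__":
    lines, flagged = sanitize_log(SAMPLE_LOG)
    for text in lines:
        print(text)
    print("lines with control bytes:", flagged)
```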

mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the
nonce of a client response by using an AuthNonce secret. Apache now
verifies the nonce returned in the client response to check whether it
was issued by itself, by means of an "AuthDigestRealmSeed" secret exposed
as an MD5 checksum (CAN-2003-0987).
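
The idea behind the fix, a server recognising its own nonces with the help of a secret, is shown below as an added example. It is not mod_digest's code or nonce format: the layout (hex timestamp followed by a keyed MD5 tag), the function names and the secret are assumptions made for illustration.

```python
import hashlib
import hmac
import time

TS_LEN, TAG_LEN = 8, 32  # hex timestamp + hex MD5 tag (assumed layout)

def _tag(secret: bytes, realm: str, ts: str) -> str:
    # Keyed MD5 (HMAC) over timestamp and realm. MD5 mirrors the advisory's
    # wording; a new design would use SHA-256 here.
    msg = ("%s:%s" % (ts, realm)).encode("utf-8", "replace")
    return hmac.new(secret, msg, hashlib.md5).hexdigest()

def issue_nonce(secret: bytes, realm: str, now=None) -> str:
    """Create a nonce that only the holder of `secret` can produce."""
    ts = "%08x" % int(time.time() if now is None else now)
    return ts + _tag(secret, realm, ts)

def check_nonce(nonce: str, secret: bytes, realm: str,
                max_age: int = 300, now=None) -> str:
    """Classify a nonce returned by a client: 'ok', 'stale' or 'forged'."""
    if len(nonce) != TS_LEN + TAG_LEN:
        return "forged"
    ts, tag = nonce[:TS_LEN], nonce[TS_LEN:]
    expected = _tag(secret, realm, ts)
    # Constant-time comparison; the tag is checked before the timestamp is
    # parsed, so nothing client-chosen is interpreted until it is known
    # to have been issued by this server.
    if not hmac.compare_digest(expected.encode(),
                               tag.encode("utf-8", "replace")):
        return "forged"
    age = int(time.time() if now is None else now) - int(ts, 16)
    return "ok" if 0 <= age <= max_age else "stale"

if __name__ == "__main__":
    secret = b"constructed-realm-seed"      # constructed value
    nonce = issue_nonce(secret, "private")
    print(nonce, check_nonce(nonce, secret, "private"))
    print(check_nonce("0" * 40, secret, "private"))  # client-invented nonce
```

Without the tag check, the server has no way to tell a nonce it issued from one a client made up, which is the gap the advisory describes.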

mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian
64-bit platforms, did not properly parse Allow/Deny rules using IP
addresses without a netmask. This could allow a remote attacker to
bypass intended access restrictions (CAN-2003-0993).

Apache 1.3 prior to 1.3.30, when using multiple listening sockets on
certain platforms, allowed a remote attacker to cause a DoS by blocking
new connections via a short-lived connection on a rarely-accessed
listening socket (CAN-2004-0174). While this particular vulnerability
does not affect Linux, we felt it prudent to include the fix.

Updated Packages
Mandrakelinux 9.1
Mandrakelinux 9.1/PPC
Mandrakelinux 9.2
Mandrakelinux 9.2/AMD64
Mandrakelinux 10.0
Mandrakelinux 10.0/AMD64
Multi Network Firewall 8.2
Corporate Server 2.1
Corporate Server 2.1/X86_64

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020

Upgrade
To upgrade automatically, use MandrivaUpdate.

Verification
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.