Linux Today - Mandrakelinux Advisories: apache2, rsync

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

Malware devs embrace open-source

A tale of two distros: Ubuntu and Linux Mint

Raspberry Pi benchmarked against Beagleboard, low price is long term

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Mandrakelinux Advisories: apache2, rsync

Mandrakelinux Advisories: apache2, rsync
May 12, 2004, 02 :24 UTC (0 Talkback[s]) (2450 reads)

Mandrakelinux Security Update Advisory

Package name: apache2
Advisory ID: MDKSA-2004:043
Date: May 10th, 2004
Affected versions: 10.0, 9.1, 9.2

Problem Description:

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server.

The updated packages provide a patched mod_ssl to correct these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113

Updated Packages:

Mandrakelinux 10.0:
532c951a2e856a199362407bbd720bea 10.0/RPMS/apache2-2.0.48-6.1.100mdk.i586.rpm
aaf7818ed49d7eea93cd8be9bafc9604 10.0/RPMS/apache2-common-2.0.48-6.1.100mdk.i586.rpm
42e8e3361a2870ae5c764bee2334d3d2 10.0/RPMS/apache2-devel-2.0.48-6.1.100mdk.i586.rpm
93974a49c89c02483887bdbd80108ab2 10.0/RPMS/apache2-manual-2.0.48-6.1.100mdk.i586.rpm
ba37cf3b1997eb9449a7b1639c495afe 10.0/RPMS/apache2-mod_cache-2.0.48-6.1.100mdk.i586.rpm
16a6141a93fb829f491daf60860f5666 10.0/RPMS/apache2-mod_dav-2.0.48-6.1.100mdk.i586.rpm
6a8d97f4e4ac74aad25483b22fad95fc 10.0/RPMS/apache2-mod_deflate-2.0.48-6.1.100mdk.i586.rpm
1827a1ecf6250cb6d31c2613ad810463 10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.1.100mdk.i586.rpm
5ef4c065e071275a9b291e483b3986e5 10.0/RPMS/apache2-mod_file_cache-2.0.48-6.1.100mdk.i586.rpm
9c863cb5101db085b9955824bd452092 10.0/RPMS/apache2-mod_ldap-2.0.48-6.1.100mdk.i586.rpm
677d50bcfd6400e2d599a0f6076b68af 10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.1.100mdk.i586.rpm
b76151c0bedac4f608617ed2af18abf4 10.0/RPMS/apache2-mod_proxy-2.0.48-6.1.100mdk.i586.rpm
e2adf66af1c6741fb2054197c2dbd6a6 10.0/RPMS/apache2-mod_ssl-2.0.48-6.1.100mdk.i586.rpm
7a27537ef71bc4d5c54625b060dbedf5 10.0/RPMS/apache2-modules-2.0.48-6.1.100mdk.i586.rpm
62e878523dc30fa0eb026b89d53c1194 10.0/RPMS/apache2-source-2.0.48-6.1.100mdk.i586.rpm
2a6c31fcaeb7bd382b2014c0e26e7aa1 10.0/RPMS/libapr0-2.0.48-6.1.100mdk.i586.rpm
10f0202c416df685f75cdf2e9e17371e 10.0/SRPMS/apache2-2.0.48-6.1.100mdk.src.rpm

Mandrakelinux 9.1:
224e5dda94a7a7dab82d79f6c46396a8 9.1/RPMS/apache2-2.0.47-1.7.91mdk.i586.rpm
22968f6ad5b25bff2642ad28021fc4af 9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.i586.rpm
f1f68cdc9b7b7d0c54147dc3bf6640fa 9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.i586.rpm
0be71b125b03073f6488f36169559c47 9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.i586.rpm
1ce19c65a7934dfb5fa62ed2115351eb 9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.i586.rpm
7887a7082207cce69fcc2ced053a4044 9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.i586.rpm
4e719e3ec078fe05b6b58916baf311eb 9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.i586.rpm
1908bcc959a702a9d7265dc3116a6ead 9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.i586.rpm
5817db5654c325471219ec4b3c98ccf4 9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.i586.rpm
fcbc8d2e20e477aa0b63bb6a7e67c55b 9.1/RPMS/libapr0-2.0.47-1.7.91mdk.i586.rpm
3a63938eae592a0437fb76f64c7efd60 9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
b55c0dfd5a5d90ebc2e536c90d20ccf1 ppc/9.1/RPMS/apache2-2.0.47-1.7.91mdk.ppc.rpm
49400d29d0f7589bbd26f0ae3c4c689d ppc/9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.ppc.rpm
b07803b544d4e001976229d21fbc531e ppc/9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.ppc.rpm
1fb08c4e5db906dc378b2f1c4899ea33 ppc/9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.ppc.rpm
fda663af745d7ad64279e9572dae211e ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.ppc.rpm
d4de598464a6428923de3043ffa0c2a6 ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.ppc.rpm
2105ce6164a02e459bb3eeeb07f3c8dd ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.ppc.rpm
65b7f816e1931d238675d24b8395c610 ppc/9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.ppc.rpm
b1857e8f6b90546a8f0e1640e5af378d ppc/9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.ppc.rpm
68860abfbb9e7ebd1454feebf2b261dd ppc/9.1/RPMS/libapr0-2.0.47-1.7.91mdk.ppc.rpm
3a63938eae592a0437fb76f64c7efd60 ppc/9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm

Mandrakelinux 9.2:
789a99411d67d1ce4ea4476739fe8f05 9.2/RPMS/apache2-2.0.47-6.4.92mdk.i586.rpm
4a69dbc249db52654ce08c458bb12590 9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.i586.rpm
e637e85cf0e7d26a3db224ca275873d4 9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.i586.rpm
aeba5b682e253a78068a7ee65de2f66c 9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.i586.rpm
81d435af697858141a8fabc90b33ae26 9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.i586.rpm
b893135ff384838c0a349ea2eac4d3de 9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.i586.rpm
9a20ef3b0904bf445b3ece28b7080164 9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.i586.rpm
ddec306b01653022bc65631bf05e5fde 9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.i586.rpm
ffd1676b2b7b86846634979f4b168859 9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.i586.rpm
bac512f8f990400ad0dbef903b38448b 9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.i586.rpm
7eda96296894a887d4d7618a24dc5aec 9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.i586.rpm
6a79afc9bd5f1850be2bd82d244d8ccb 9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.i586.rpm
61972ba631c361f0e3f0863a26001d20 9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.i586.rpm
d97100f8181716eeb5d2ab4d20bb8bc1 9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.i586.rpm
08905fea2a078dbb36f953c17f334dce 9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.i586.rpm
93c6a24dd9f4af88157e193df63a47c6 9.2/RPMS/libapr0-2.0.47-6.4.92mdk.i586.rpm
7d51dac774f2d887b4856990dc9fd5b1 9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
7348baec2a9ee27adb7d3f0b9338a88d amd64/9.2/RPMS/apache2-2.0.47-6.4.92mdk.amd64.rpm
9397b3136c547cd44108572b95a77070 amd64/9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.amd64.rpm
96fb3738db8400f305ec9dcb7d1ac6fa amd64/9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.amd64.rpm
41e476759a14a345664c23ff41352032 amd64/9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.amd64.rpm
6e7981bb03b337e006332b3954505353 amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.amd64.rpm
9ac5aa7d5d4789c405606ffb94c73c27 amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.amd64.rpm
69f831614c30c05396219c1f005e2a8f amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.amd64.rpm
732d8e9b68178cff1ff84d461782471c amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.amd64.rpm
de7d183e50e3f8d1f21b3096e3b673a6 amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.amd64.rpm
a6e91e4734ced8e5374efaa1f2ca3a4c amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.amd64.rpm
23efa2aebf4f31a22e039f30f30c13ae amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.amd64.rpm
ec40d800c099decec00a5aae69b3b703 amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.amd64.rpm
2fbf446a8c3d9bda09598415cb3c641d amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.amd64.rpm
c6ab1265bf1ea5c2d34ac42293f5e12c amd64/9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.amd64.rpm
b1d8ff422f5fd0dd161208018717f0e0 amd64/9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.amd64.rpm
9995904303e6275524baf47b16adbe39 amd64/9.2/RPMS/lib64apr0-2.0.47-6.4.92mdk.amd64.rpm
7d51dac774f2d887b4856990dc9fd5b1 amd64/9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesecure.net/en/advisories/

Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

Mandrakelinux Security Update Advisory

Package name: rsync
Advisory ID: MDKSA-2004:042
Date: May 10th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2

Problem Description:

Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allows remote attackers to write files outside of the module's path.

The updated packages provide a patched rsync to correct this problem.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426
http://rsync.samba.org/index.html

Updated Packages:

Mandrakelinux 10.0:
37d41b25e920dae54d4374eeb2c6ed35 10.0/RPMS/rsync-2.6.0-1.1.100mdk.i586.rpm
0a6caf4adbe90718f65508019c7c1cb0 10.0/SRPMS/rsync-2.6.0-1.1.100mdk.src.rpm

Corporate Server 2.1:
1ba8905c204e353773cfbabe28be3d52 corporate/2.1/RPMS/rsync-2.5.5-5.2.C21mdk.i586.rpm
800c75016100e86e11a4f14959d76540 corporate/2.1/SRPMS/rsync-2.5.5-5.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
7c0e49f5b8bf074fbe083034e529b5cf x86_64/corporate/2.1/RPMS/rsync-2.5.5-5.2.C21mdk.x86_64.rpm
800c75016100e86e11a4f14959d76540 x86_64/corporate/2.1/SRPMS/rsync-2.5.5-5.2.C21mdk.src.rpm

Mandrakelinux 9.1:
80b525c84d466a032cbe48fcc79452ea 9.1/RPMS/rsync-2.5.7-0.2.91mdk.i586.rpm
c8198fd64489c4fcd0e20b2b9ed6f10b 9.1/SRPMS/rsync-2.5.7-0.2.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
54489631fc2d5e6fcb5b71e288dfb978 ppc/9.1/RPMS/rsync-2.5.7-0.2.91mdk.ppc.rpm
c8198fd64489c4fcd0e20b2b9ed6f10b ppc/9.1/SRPMS/rsync-2.5.7-0.2.91mdk.src.rpm

Mandrakelinux 9.2:
d2f05448f48f04b441d7c997cfbe69ac 9.2/RPMS/rsync-2.5.7-0.2.92mdk.i586.rpm
29b26aac40d01e55b325ae8094695fe8 9.2/SRPMS/rsync-2.5.7-0.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
b18d86bc4f40e4337451d832306341da amd64/9.2/RPMS/rsync-2.5.7-0.2.92mdk.amd64.rpm
29b26aac40d01e55b325ae8094695fe8 amd64/9.2/SRPMS/rsync-2.5.7-0.2.92mdk.src.rpm

Multi Network Firewall 8.2:
aaaa900e64e6f60734eecf65aafca07a mnf8.2/RPMS/rsync-2.5.4-2.2.M82mdk.i586.rpm
d3b5df904cbf31ad95794821fc296b75 mnf8.2/SRPMS/rsync-2.5.4-2.2.M82mdk.src.rpm