Mandrakelinux Advisories: apache2, rsync
May 12, 2004, 02:24
Mandrakelinux Security Update Advisory
Package name: apache2
Advisory ID: MDKSA-2004:043
Date: May 10th, 2004
Affected versions: 10.0, 9.1, 9.2
Problem Description:
A memory leak in mod_ssl in the Apache HTTP Server prior to
version 2.0.49 allows a remote denial of service attack against an
SSL-enabled server.
The updated packages provide a patched mod_ssl to correct this
problem.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113
Updated Packages:
Mandrakelinux 10.0:
532c951a2e856a199362407bbd720bea
10.0/RPMS/apache2-2.0.48-6.1.100mdk.i586.rpm
aaf7818ed49d7eea93cd8be9bafc9604
10.0/RPMS/apache2-common-2.0.48-6.1.100mdk.i586.rpm
42e8e3361a2870ae5c764bee2334d3d2
10.0/RPMS/apache2-devel-2.0.48-6.1.100mdk.i586.rpm
93974a49c89c02483887bdbd80108ab2
10.0/RPMS/apache2-manual-2.0.48-6.1.100mdk.i586.rpm
ba37cf3b1997eb9449a7b1639c495afe
10.0/RPMS/apache2-mod_cache-2.0.48-6.1.100mdk.i586.rpm
16a6141a93fb829f491daf60860f5666
10.0/RPMS/apache2-mod_dav-2.0.48-6.1.100mdk.i586.rpm
6a8d97f4e4ac74aad25483b22fad95fc
10.0/RPMS/apache2-mod_deflate-2.0.48-6.1.100mdk.i586.rpm
1827a1ecf6250cb6d31c2613ad810463
10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.1.100mdk.i586.rpm
5ef4c065e071275a9b291e483b3986e5
10.0/RPMS/apache2-mod_file_cache-2.0.48-6.1.100mdk.i586.rpm
9c863cb5101db085b9955824bd452092
10.0/RPMS/apache2-mod_ldap-2.0.48-6.1.100mdk.i586.rpm
677d50bcfd6400e2d599a0f6076b68af
10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.1.100mdk.i586.rpm
b76151c0bedac4f608617ed2af18abf4
10.0/RPMS/apache2-mod_proxy-2.0.48-6.1.100mdk.i586.rpm
e2adf66af1c6741fb2054197c2dbd6a6
10.0/RPMS/apache2-mod_ssl-2.0.48-6.1.100mdk.i586.rpm
7a27537ef71bc4d5c54625b060dbedf5
10.0/RPMS/apache2-modules-2.0.48-6.1.100mdk.i586.rpm
62e878523dc30fa0eb026b89d53c1194
10.0/RPMS/apache2-source-2.0.48-6.1.100mdk.i586.rpm
2a6c31fcaeb7bd382b2014c0e26e7aa1
10.0/RPMS/libapr0-2.0.48-6.1.100mdk.i586.rpm
10f0202c416df685f75cdf2e9e17371e
10.0/SRPMS/apache2-2.0.48-6.1.100mdk.src.rpm
Mandrakelinux 9.1:
224e5dda94a7a7dab82d79f6c46396a8
9.1/RPMS/apache2-2.0.47-1.7.91mdk.i586.rpm
22968f6ad5b25bff2642ad28021fc4af
9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.i586.rpm
f1f68cdc9b7b7d0c54147dc3bf6640fa
9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.i586.rpm
0be71b125b03073f6488f36169559c47
9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.i586.rpm
1ce19c65a7934dfb5fa62ed2115351eb
9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.i586.rpm
7887a7082207cce69fcc2ced053a4044
9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.i586.rpm
4e719e3ec078fe05b6b58916baf311eb
9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.i586.rpm
1908bcc959a702a9d7265dc3116a6ead
9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.i586.rpm
5817db5654c325471219ec4b3c98ccf4
9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.i586.rpm
fcbc8d2e20e477aa0b63bb6a7e67c55b
9.1/RPMS/libapr0-2.0.47-1.7.91mdk.i586.rpm
3a63938eae592a0437fb76f64c7efd60
9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
b55c0dfd5a5d90ebc2e536c90d20ccf1
ppc/9.1/RPMS/apache2-2.0.47-1.7.91mdk.ppc.rpm
49400d29d0f7589bbd26f0ae3c4c689d
ppc/9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.ppc.rpm
b07803b544d4e001976229d21fbc531e
ppc/9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.ppc.rpm
1fb08c4e5db906dc378b2f1c4899ea33
ppc/9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.ppc.rpm
fda663af745d7ad64279e9572dae211e
ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.ppc.rpm
d4de598464a6428923de3043ffa0c2a6
ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.ppc.rpm
2105ce6164a02e459bb3eeeb07f3c8dd
ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.ppc.rpm
65b7f816e1931d238675d24b8395c610
ppc/9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.ppc.rpm
b1857e8f6b90546a8f0e1640e5af378d
ppc/9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.ppc.rpm
68860abfbb9e7ebd1454feebf2b261dd
ppc/9.1/RPMS/libapr0-2.0.47-1.7.91mdk.ppc.rpm
3a63938eae592a0437fb76f64c7efd60
ppc/9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm
Mandrakelinux 9.2:
789a99411d67d1ce4ea4476739fe8f05
9.2/RPMS/apache2-2.0.47-6.4.92mdk.i586.rpm
4a69dbc249db52654ce08c458bb12590
9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.i586.rpm
e637e85cf0e7d26a3db224ca275873d4
9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.i586.rpm
aeba5b682e253a78068a7ee65de2f66c
9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.i586.rpm
81d435af697858141a8fabc90b33ae26
9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.i586.rpm
b893135ff384838c0a349ea2eac4d3de
9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.i586.rpm
9a20ef3b0904bf445b3ece28b7080164
9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.i586.rpm
ddec306b01653022bc65631bf05e5fde
9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.i586.rpm
ffd1676b2b7b86846634979f4b168859
9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.i586.rpm
bac512f8f990400ad0dbef903b38448b
9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.i586.rpm
7eda96296894a887d4d7618a24dc5aec
9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.i586.rpm
6a79afc9bd5f1850be2bd82d244d8ccb
9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.i586.rpm
61972ba631c361f0e3f0863a26001d20
9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.i586.rpm
d97100f8181716eeb5d2ab4d20bb8bc1
9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.i586.rpm
08905fea2a078dbb36f953c17f334dce
9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.i586.rpm
93c6a24dd9f4af88157e193df63a47c6
9.2/RPMS/libapr0-2.0.47-6.4.92mdk.i586.rpm
7d51dac774f2d887b4856990dc9fd5b1
9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
7348baec2a9ee27adb7d3f0b9338a88d
amd64/9.2/RPMS/apache2-2.0.47-6.4.92mdk.amd64.rpm
9397b3136c547cd44108572b95a77070
amd64/9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.amd64.rpm
96fb3738db8400f305ec9dcb7d1ac6fa
amd64/9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.amd64.rpm
41e476759a14a345664c23ff41352032
amd64/9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.amd64.rpm
6e7981bb03b337e006332b3954505353
amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.amd64.rpm
9ac5aa7d5d4789c405606ffb94c73c27
amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.amd64.rpm
69f831614c30c05396219c1f005e2a8f
amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.amd64.rpm
732d8e9b68178cff1ff84d461782471c
amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.amd64.rpm
de7d183e50e3f8d1f21b3096e3b673a6
amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.amd64.rpm
a6e91e4734ced8e5374efaa1f2ca3a4c
amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.amd64.rpm
23efa2aebf4f31a22e039f30f30c13ae
amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.amd64.rpm
ec40d800c099decec00a5aae69b3b703
amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.amd64.rpm
2fbf446a8c3d9bda09598415cb3c641d
amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.amd64.rpm
c6ab1265bf1ea5c2d34ac42293f5e12c
amd64/9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.amd64.rpm
b1d8ff422f5fd0dd161208018717f0e0
amd64/9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.amd64.rpm
9995904303e6275524baf47b16adbe39
amd64/9.2/RPMS/lib64apr0-2.0.47-6.4.92mdk.amd64.rpm
7d51dac774f2d887b4856990dc9fd5b1
amd64/9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours
to update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>
Mandrakelinux Security Update Advisory
Package name: rsync
Advisory ID: MDKSA-2004:042
Date: May 10th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi
Network Firewall 8.2
Problem Description:
Rsync before 2.6.1 does not properly sanitize paths when running
a read/write daemon without using chroot, which allows remote
attackers to write files outside of the module's path.
The updated packages provide a patched rsync to correct this
problem.
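An added example (not part of the advisory or of rsync itself): a Python check that flags rsyncd.conf modules matching the exposure described above, that is, modules that are writable (`read only = no`) while `use chroot = no`. The sample configuration, module names and the function name `exposed_modules` are constructed for illustration.

```python
import re

# Constructed sample rsyncd.conf (illustrative; not from the advisory).
SAMPLE_CONF = """\
# global parameters: defaults for every module below
use chroot = no
read only = yes

[mirror]
    path = /srv/mirror

[upload]
    path = /srv/upload
    read only = no

[jailed]
    path = /srv/jailed
    use chroot = yes
    read only = false
"""

# rsyncd.conf built-in defaults for the two parameters that matter here.
DEFAULTS = {"use chroot": True, "read only": True}
BOOLS = {"yes": True, "true": True, "1": True,
         "no": False, "false": False, "0": False}

def exposed_modules(conf_text):
    """Return modules that accept writes while running without chroot."""
    global_opts, modules, current = dict(DEFAULTS), {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            name = header.group(1).strip()
            # A [global] section resets to global scope (newer rsync).
            current = None if name.lower() == "global" else name
            if current is not None:
                modules.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        key = " ".join(key.lower().split())
        flag = BOOLS.get(value.strip().lower())
        if sep and key in DEFAULTS and flag is not None:
            (global_opts if current is None else modules[current])[key] = flag
    return [name for name, opts in modules.items()
            if not opts.get("use chroot", global_opts["use chroot"])
            and not opts.get("read only", global_opts["read only"])]

if __name__ == "__main__":
    print(exposed_modules(SAMPLE_CONF))
```

Modules it reports are the ones to prioritise for the package update, or to reconfigure with `use chroot = yes` or `read only = yes` until the update is applied.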
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426
http://rsync.samba.org/index.html
Updated Packages:
Mandrakelinux 10.0:
37d41b25e920dae54d4374eeb2c6ed35
10.0/RPMS/rsync-2.6.0-1.1.100mdk.i586.rpm
0a6caf4adbe90718f65508019c7c1cb0
10.0/SRPMS/rsync-2.6.0-1.1.100mdk.src.rpm
Corporate Server 2.1:
1ba8905c204e353773cfbabe28be3d52
corporate/2.1/RPMS/rsync-2.5.5-5.2.C21mdk.i586.rpm
800c75016100e86e11a4f14959d76540
corporate/2.1/SRPMS/rsync-2.5.5-5.2.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
7c0e49f5b8bf074fbe083034e529b5cf
x86_64/corporate/2.1/RPMS/rsync-2.5.5-5.2.C21mdk.x86_64.rpm
800c75016100e86e11a4f14959d76540
x86_64/corporate/2.1/SRPMS/rsync-2.5.5-5.2.C21mdk.src.rpm
Mandrakelinux 9.1:
80b525c84d466a032cbe48fcc79452ea
9.1/RPMS/rsync-2.5.7-0.2.91mdk.i586.rpm
c8198fd64489c4fcd0e20b2b9ed6f10b
9.1/SRPMS/rsync-2.5.7-0.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
54489631fc2d5e6fcb5b71e288dfb978
ppc/9.1/RPMS/rsync-2.5.7-0.2.91mdk.ppc.rpm
c8198fd64489c4fcd0e20b2b9ed6f10b
ppc/9.1/SRPMS/rsync-2.5.7-0.2.91mdk.src.rpm
Mandrakelinux 9.2:
d2f05448f48f04b441d7c997cfbe69ac
9.2/RPMS/rsync-2.5.7-0.2.92mdk.i586.rpm
29b26aac40d01e55b325ae8094695fe8
9.2/SRPMS/rsync-2.5.7-0.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
b18d86bc4f40e4337451d832306341da
amd64/9.2/RPMS/rsync-2.5.7-0.2.92mdk.amd64.rpm
29b26aac40d01e55b325ae8094695fe8
amd64/9.2/SRPMS/rsync-2.5.7-0.2.92mdk.src.rpm
Multi Network Firewall 8.2:
aaaa900e64e6f60734eecf65aafca07a
mnf8.2/RPMS/rsync-2.5.4-2.2.M82mdk.i586.rpm
d3b5df904cbf31ad95794821fc296b75
mnf8.2/SRPMS/rsync-2.5.4-2.2.M82mdk.src.rpm