Advisories: September 8, 2005
Sep 9, 2005, 05:30 UTC

Debian GNU/Linux


Debian Security Advisory DSA 803-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 8th, 2005 http://www.debian.org/security/faq


Package : apache
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2088
Debian Bug : 322607

A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request.

For the old stable distribution (woody) this problem has been fixed in version 1.3.26-0woody7.

For the stable distribution (sarge) this problem has been fixed in version 1.3.33-6sarge1.

For the unstable distribution (sid) this problem has been fixed in version 1.3.33-8.

We recommend that you upgrade your Apache package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 804-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 8th, 2005 http://www.debian.org/security/faq


Package : kdelibs
Vulnerability : insecure permissions
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-1920

KDE developers have reported a vulnerability in the backup file handling of Kate and KWrite. The backup files are created with default permissions, even if the original file had stricter permissions set. This could unintentionally disclose information.

For the stable distribution (sarge) this problem has been fixed in version 3.3.2-6.2.

For the unstable distribution (sid) these problems have been fixed in version 3.4.1-1.

We recommend that you upgrade your kate package.
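The check below is an added example, not code from KDE, Debian or Linux Today: it walks a directory tree, pairs each backup file with its original, and reports backups that grant permission bits the original does not, which is the condition DSA 804-1 describes. The "~" backup suffix and all function names are assumptions of this example; the sample tree is constructed.

```python
# Added example: find editor backup files whose permissions are looser than
# the file they were copied from, then tighten them.
import os
import stat
import tempfile

BACKUP_SUFFIX = "~"  # assumption: backups are named "<file>~"


def extra_bits(original_mode, backup_mode):
    """Permission bits granted by the backup but not by the original."""
    return stat.S_IMODE(backup_mode) & ~stat.S_IMODE(original_mode) & 0o777


def find_leaky_backups(root, suffix=BACKUP_SUFFIX):
    """Return sorted (backup_path, original_perms, backup_perms, extra) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(suffix) or name == suffix:
                continue
            backup = os.path.join(dirpath, name)
            original = backup[: -len(suffix)]
            try:
                b_st = os.lstat(backup)
                o_st = os.lstat(original)
            except FileNotFoundError:
                continue  # no original left to compare against
            if not (stat.S_ISREG(b_st.st_mode) and stat.S_ISREG(o_st.st_mode)):
                continue  # ignore symlinks, directories and devices
            extra = extra_bits(o_st.st_mode, b_st.st_mode)
            if extra:
                findings.append((backup, stat.S_IMODE(o_st.st_mode),
                                 stat.S_IMODE(b_st.st_mode), extra))
    return sorted(findings)


def tighten(backup_path, suffix=BACKUP_SUFFIX):
    """Drop every bit the original does not grant; returns the new mode."""
    original = backup_path[: -len(suffix)]
    new_mode = (stat.S_IMODE(os.lstat(backup_path).st_mode)
                & stat.S_IMODE(os.lstat(original).st_mode))
    os.chmod(backup_path, new_mode)
    return new_mode


def demo():
    """Build a constructed tree, audit it, tighten it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        def make(name, mode):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)

        make("secret.conf", 0o600)
        make("secret.conf~", 0o644)  # the pattern the advisory describes
        make("notes.txt", 0o644)
        make("notes.txt~", 0o644)    # same as the original: not reported
        make("orphan~", 0o644)       # original is gone: skipped
        found = find_leaky_backups(root)
        before = [(os.path.basename(p), oct(o), oct(b), oct(x))
                  for p, o, b, x in found]
        for path, *_ in found:
            tighten(path)
        after = find_leaky_backups(root)
        return before, after


if __name__ == "__main__":
    print(demo())
```

The comparison covers mode bits only; a backup owned by a different user or group than its original is outside what this check reports.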

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 805-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 8th, 2005 http://www.debian.org/security/faq


Package : apache2
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2005-1268 CAN-2005-2088 CAN-2005-2700 CAN-2005-2728
BugTraq ID : 14660
Debian Bugs : 316173 320048 320063 326435

Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-1268

Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback. When Apache is configured to use a CRL this can be used to cause a denial of service.

CAN-2005-2088

A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request.

CAN-2005-2700

A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache, that allows remote attackers to bypass access restrictions.

CAN-2005-2728

The byte-range filter in Apache 2.0 allows remote attackers to cause a denial of service via an HTTP header with a large Range field.

The old stable distribution (woody) does not contain Apache2 packages.

For the stable distribution (sarge) these problems have been fixed in version 2.0.54-5.

For the unstable distribution (sid) these problems have been fixed in version 2.0.54-5.

We recommend that you upgrade your apache2 packages.
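The following is an added example, not code from Debian or Linux Today: it compares installed package versions against the fixed versions stated in DSA 803-1, 804-1 and 805-1, using the Debian version ordering (epoch, upstream version, revision). The fixed versions are copied from the advisories; the installed versions in INVENTORY and all function names are constructed for this example. On a Debian host, dpkg --compare-versions performs the same comparison.

```python
# Added example: which hosts still run a version older than the fix?
# Keys are source package names as given in each advisory's "Package" field.
FIXED = {
    ("apache", "woody"): "1.3.26-0woody7",
    ("apache", "sarge"): "1.3.33-6sarge1",
    ("apache", "sid"): "1.3.33-8",
    ("kdelibs", "sarge"): "3.3.2-6.2",
    ("kdelibs", "sid"): "3.4.1-1",
    ("apache2", "sarge"): "2.0.54-5",
    ("apache2", "sid"): "2.0.54-5",
}

# Constructed inventory: (source package, distribution, installed version).
INVENTORY = [
    ("apache", "woody", "1.3.26-0woody6"),
    ("apache", "sarge", "1.3.33-6sarge1"),
    ("apache", "sarge", "1.3.33-6"),
    ("kdelibs", "sarge", "3.3.2-6.1"),
    ("kdelibs", "sid", "3.4.2-1"),
    ("apache2", "sarge", "2.0.54-5"),
    ("apache2", "sid", "2.0.54-4"),
]


def _is_digit(ch):
    return "0" <= ch <= "9"


def _order(ch):
    """Sort key for one non-digit character: '~' < end < letters < the rest."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    if ch.isascii() and ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _compare_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run, compared character by character.
        while (i < len(a) and not _is_digit(a[i])) or \
              (j < len(b) and not _is_digit(b[j])):
            ca = a[i] if i < len(a) and not _is_digit(a[i]) else ""
            cb = b[j] if j < len(b) and not _is_digit(b[j]) else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i += 1  # equal order means the same real character on both sides
            j += 1
        # Digit run, compared as integers (an empty run counts as 0).
        start_i, start_j = i, j
        while i < len(a) and _is_digit(a[i]):
            i += 1
        while j < len(b) and _is_digit(b[j]):
            j += 1
        na = int(a[start_i:i] or "0")
        nb = int(b[start_j:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _compare_part(ua, ub) or _compare_part(ra, rb)


def audit(inventory):
    """Return (package, dist, installed, fixed) for entries older than the fix."""
    return [(pkg, dist, installed, FIXED[(pkg, dist)])
            for pkg, dist, installed in inventory
            if compare_versions(installed, FIXED[(pkg, dist)]) < 0]


if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("needs upgrade: %s (%s) %s -> %s" % row)
```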

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5.dsc
      Size/MD5 checksum: 1141 779558a3a1edad615114d9e951d44352
    http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5.diff.gz
      Size/MD5 checksum: 110044 3f51c615473cb57d4d182e1abbeffcd4
    http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54.orig.tar.gz
      Size/MD5 checksum: 7493636 37d0d0a3e25ad93d37f0483021e70409


These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: apache2
Advisory ID: MDKSA-2005:161
Date: September 8th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient" directive. This flaw occurs if a virtual host is configured using "SSLVerifyClient optional" and a directive "SSLVerifyClient required" is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. (CAN-2005-2700)

A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CAN-2005-2728)

The updated packages have been patched to address these issues.
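
The configuration pattern described for CAN-2005-2700, as an added example (not code from Mandriva or the Apache project): a Python audit that reads Apache configuration text and reports every nested section that demands a client certificate inside a virtual host whose own setting is "optional". The sample configuration, host names and paths are constructed; note that the keyword in Apache configuration files is `require`, which the advisory spells "required".

```python
import re
from dataclasses import dataclass

# Constructed sample configuration (host names and paths are made up).
SAMPLE_CONFIG = """\
<VirtualHost *:443>
    ServerName intranet.example.org
    SSLEngine on
    SSLVerifyClient optional
    <Location /public>
        SSLVerifyClient none
    </Location>
    <Location /admin>
        # a client certificate is meant to be mandatory here
        SSLVerifyClient require
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName api.example.org
    SSLVerifyClient none
    <Directory "/srv/api/private">
        SSLVerifyClient require
    </Directory>
</VirtualHost>
"""

OPEN_RE = re.compile(r"^<\s*([A-Za-z]+)\s*(.*?)\s*>$")
CLOSE_RE = re.compile(r"^</\s*[A-Za-z]+\s*>$")
# Wrappers that do not change which scope a directive belongs to.
TRANSPARENT = {"ifmodule", "ifdefine"}


@dataclass(frozen=True)
class Finding:
    vhost: str    # ServerName of the virtual host, or its address if unnamed
    section: str  # nested container that demands a client certificate
    line: int     # line number of that container's SSLVerifyClient directive


def logical_lines(text):
    """Yield (line_number, text), dropping comments and joining '\\' continuations."""
    buf, start = "", 0
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = num
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf = (buf + line).strip()
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""


def find_affected_sections(text):
    """Return sections that set 'require' inside a vhost whose own mode is 'optional'."""
    stack = []          # open containers: (kind, argument, original line)
    vhost_mode = server_name = None
    pending = []        # (section, line) pairs with 'require' in the current vhost
    findings = []
    for num, line in logical_lines(text):
        if CLOSE_RE.match(line):
            if stack:
                kind, arg, _ = stack.pop()
                # Decide at </VirtualHost>: the vhost-level directive may
                # appear after the nested sections it interacts with.
                if kind == "virtualhost" and vhost_mode == "optional":
                    name = server_name or arg
                    findings += [Finding(name, s, n) for s, n in pending]
            continue
        opened = OPEN_RE.match(line)
        if opened:
            kind = opened.group(1).lower()
            if kind == "virtualhost":
                vhost_mode, server_name, pending = None, None, []
            stack.append((kind, opened.group(2), line))
            continue
        parts = line.split()
        scope = [s for s in stack if s[0] not in TRANSPARENT]
        if len(parts) < 2 or not scope or scope[0][0] != "virtualhost":
            continue
        directive, value = parts[0].lower(), parts[1]
        if directive == "servername" and len(scope) == 1:
            server_name = value
        elif directive == "sslverifyclient":
            if len(scope) == 1:
                vhost_mode = value.lower()
            elif value.lower() == "require":  # Apache's keyword for "required"
                pending.append((scope[-1][2], num))
    return findings


if __name__ == "__main__":
    for f in find_affected_sections(SAMPLE_CONFIG):
        print(f"{f.vhost}: {f.section} at line {f.line} sets 'require' under vhost-level 'optional'")
```

The function does not follow Include directives, so feed it the configuration with included files concatenated. A reported section is one whose certificate requirement depends on the patched mod_ssl being installed.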


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728


Updated Packages:

Mandrakelinux 10.0:
c3ed23adb5520b012f1c10bd631c6018 10.0/RPMS/apache2-2.0.48-6.11.100mdk.i586.rpm
f8761ef4e61ce7744b75c8a8de61cdf1 10.0/RPMS/apache2-common-2.0.48-6.11.100mdk.i586.rpm
de2e7f74e89ebb37a6ef718a12be902f 10.0/RPMS/apache2-devel-2.0.48-6.11.100mdk.i586.rpm
ed0b72d5309626b96c3c38f1015c2860 10.0/RPMS/apache2-manual-2.0.48-6.11.100mdk.i586.rpm
f65a339780a083298403712270bf517a 10.0/RPMS/apache2-mod_cache-2.0.48-6.11.100mdk.i586.rpm
9810ac0cdc1d6215c4704f29eb315d0e 10.0/RPMS/apache2-mod_dav-2.0.48-6.11.100mdk.i586.rpm
1ec5364b1fcacfe2a38a9ec1d25b114b 10.0/RPMS/apache2-mod_deflate-2.0.48-6.11.100mdk.i586.rpm
b82a66e437c462e401fd3722a465bcf4 10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.11.100mdk.i586.rpm
e0fddaa3c8655c76dddeaefb3e0570ac 10.0/RPMS/apache2-mod_file_cache-2.0.48-6.11.100mdk.i586.rpm
59363c9c0d6525b269a40f975f4a6259 10.0/RPMS/apache2-mod_ldap-2.0.48-6.11.100mdk.i586.rpm
5b43545c79965b11d7957e6adba2313e 10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.11.100mdk.i586.rpm
dfcdfb0d8650d7c930172a3a5db3f441 10.0/RPMS/apache2-mod_proxy-2.0.48-6.11.100mdk.i586.rpm
0ce6233be2b2e36b0b386497bf208bc7 10.0/RPMS/apache2-mod_ssl-2.0.48-6.11.100mdk.i586.rpm
70dacf1f98682b910d0eaffd8b8e0eb9 10.0/RPMS/apache2-modules-2.0.48-6.11.100mdk.i586.rpm
7c409711aa895c8ea8cd3e7518e57bcb 10.0/RPMS/apache2-source-2.0.48-6.11.100mdk.i586.rpm
9bad55274b504895e56c53311c6b549f 10.0/RPMS/libapr0-2.0.48-6.11.100mdk.i586.rpm
8d29bf56013554140ee53950fcca9410 10.0/SRPMS/apache2-2.0.48-6.11.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
5959aa420b784a3c948a654f321cd2b9 amd64/10.0/RPMS/apache2-2.0.48-6.11.100mdk.amd64.rpm
111ac8f83281fb77a5dbc6736acacdb0 amd64/10.0/RPMS/apache2-common-2.0.48-6.11.100mdk.amd64.rpm
24ace7ff54ed9ca30ad63d2db911e488 amd64/10.0/RPMS/apache2-devel-2.0.48-6.11.100mdk.amd64.rpm
4d0c62200bcddbb537babe29ab8ee86a amd64/10.0/RPMS/apache2-manual-2.0.48-6.11.100mdk.amd64.rpm
86bc78ee571b5e447d0db8178e0a4862 amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.11.100mdk.amd64.rpm
c7d69bd5d51eb9f234c818199fddbdea amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.11.100mdk.amd64.rpm
4785b9e8da509317f018c582ea2fe9f4 amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.11.100mdk.amd64.rpm
ce00c70b1079da0a0a5432abc1d708a0 amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.11.100mdk.amd64.rpm
51e31767d8722fdd7e15fd7fc2c1bdde amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.11.100mdk.amd64.rpm
562604623e02b8e4ad814dedb2c775eb amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.11.100mdk.amd64.rpm
5f8bf2dab896c449e41702e400175d06 amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.11.100mdk.amd64.rpm
ea55786b6fc44014f08711fd6b94118e amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.11.100mdk.amd64.rpm
0c4ee48682525c6c019ceaf7f3ffc21e amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.11.100mdk.amd64.rpm
171cd403c98c5ffbc7085e458b52bbad amd64/10.0/RPMS/apache2-modules-2.0.48-6.11.100mdk.amd64.rpm
f07995ed367ce585efa450d282a39f2a amd64/10.0/RPMS/apache2-source-2.0.48-6.11.100mdk.amd64.rpm
7516f39fd25dfbe9df156d050cd5cf37 amd64/10.0/RPMS/lib64apr0-2.0.48-6.11.100mdk.amd64.rpm
8d29bf56013554140ee53950fcca9410 amd64/10.0/SRPMS/apache2-2.0.48-6.11.100mdk.src.rpm

Mandrakelinux 10.1:
9298f100a016ebf91e7ed2bb68ffa782 10.1/RPMS/apache2-2.0.50-7.4.101mdk.i586.rpm
c3c7c01a71aca7d898071fe38b9e0029 10.1/RPMS/apache2-common-2.0.50-7.4.101mdk.i586.rpm
06c7b2f7a0e294d7115472ec2795c6eb 10.1/RPMS/apache2-devel-2.0.50-7.4.101mdk.i586.rpm
3241deb8bfdce1d810552e1da4172eca 10.1/RPMS/apache2-manual-2.0.50-7.4.101mdk.i586.rpm
547d637c9af30e21159b7e5ca55f2e9e 10.1/RPMS/apache2-mod_cache-2.0.50-7.4.101mdk.i586.rpm
0d3b51a87cc28953a2f8e62a10060c78 10.1/RPMS/apache2-mod_dav-2.0.50-7.4.101mdk.i586.rpm
4a3e71db64f56229805ced06a2796143 10.1/RPMS/apache2-mod_deflate-2.0.50-7.4.101mdk.i586.rpm
7a14a53f7eb3c356c5f1aa377938e69d 10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.4.101mdk.i586.rpm
aa39ba4d397d0095a0854ee77ae72e1f 10.1/RPMS/apache2-mod_file_cache-2.0.50-7.4.101mdk.i586.rpm
a314cc48a755408e80bb9626e7a28731 10.1/RPMS/apache2-mod_ldap-2.0.50-7.4.101mdk.i586.rpm
b97420430cfd9190917dfb7a41e5f8d0 10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.4.101mdk.i586.rpm
5922f944a8fcf74ff0c9b45cffbb09f6 10.1/RPMS/apache2-mod_proxy-2.0.50-7.4.101mdk.i586.rpm
51111f25851c1bb2f4965070caf5ef0b 10.1/RPMS/apache2-mod_ssl-2.0.50-4.3.101mdk.i586.rpm
18d3410a2f360d821b60b46b3ec018a3 10.1/RPMS/apache2-modules-2.0.50-7.4.101mdk.i586.rpm
a5beb9688175b863ed6f6892bf23bed4 10.1/RPMS/apache2-source-2.0.50-7.4.101mdk.i586.rpm
bf038c8af8453bb09a25bd86d7a5d63f 10.1/RPMS/apache2-worker-2.0.50-7.4.101mdk.i586.rpm
02670d7f806c01e9733af31a5a829127 10.1/SRPMS/apache2-2.0.50-7.4.101mdk.src.rpm
bde0511732391a216ab69617740b1285 10.1/SRPMS/apache2-mod_ssl-2.0.50-4.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
cf3ffc2f4c6f77bef3fe9fdfbfa6ab18 x86_64/10.1/RPMS/apache2-2.0.50-7.4.101mdk.x86_64.rpm
0b859489be6190cc8864dd43ea25f6c9 x86_64/10.1/RPMS/apache2-common-2.0.50-7.4.101mdk.x86_64.rpm
f79e4889060bdaef1a0ba1f2e5e2d109 x86_64/10.1/RPMS/apache2-devel-2.0.50-7.4.101mdk.x86_64.rpm
9210487fb9bb2198ea9f7a344686ddfa x86_64/10.1/RPMS/apache2-manual-2.0.50-7.4.101mdk.x86_64.rpm
2a003b0b92cf73dbd97357cdc83f7a80 x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.4.101mdk.x86_64.rpm
e9158f8904f42917b109d8c29a1eaef5 x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.4.101mdk.x86_64.rpm
7bc7ada5cb2e49eafacd58658a804e23 x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.4.101mdk.x86_64.rpm
3c2eb02ec0b6996b40ec2ed63ba0461b x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.4.101mdk.x86_64.rpm
c5ef16ceace6b39b02980a2c1b2926db x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.4.101mdk.x86_64.rpm
c8c0bd27d380053ae9639355a1879e12 x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.4.101mdk.x86_64.rpm
a0d9bb42c623783e2b69ace91ef8fe89 x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.4.101mdk.x86_64.rpm
4e01447b5b84020d1fef62334d134054 x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.4.101mdk.x86_64.rpm
b9452df883f869eb41ee8f1cbecbfe99 x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.3.101mdk.x86_64.rpm
f27ab73ba4c86da7d28185d01defa216 x86_64/10.1/RPMS/apache2-modules-2.0.50-7.4.101mdk.x86_64.rpm
f5b12191de96443e50de6d066e27bfa9 x86_64/10.1/RPMS/apache2-source-2.0.50-7.4.101mdk.x86_64.rpm
b9cec7a4e167a1f270452d4701447cb3 x86_64/10.1/RPMS/apache2-worker-2.0.50-7.4.101mdk.x86_64.rpm
02670d7f806c01e9733af31a5a829127 x86_64/10.1/SRPMS/apache2-2.0.50-7.4.101mdk.src.rpm
bde0511732391a216ab69617740b1285 x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.3.101mdk.src.rpm

Mandrakelinux 10.2:
181b063de484c836a09b4722f5062506 10.2/RPMS/apache2-2.0.53-9.2.102mdk.i586.rpm
1fec497d53d79ee8cc18a91d60986f87 10.2/RPMS/apache2-common-2.0.53-9.2.102mdk.i586.rpm
bcec08901215dc2e8848b877f04c23a0 10.2/RPMS/apache2-devel-2.0.53-9.2.102mdk.i586.rpm
f74f6cf726ab9108e617b9762388dd30 10.2/RPMS/apache2-manual-2.0.53-9.2.102mdk.i586.rpm
73772bfd561fc0ae7afb8eb374cc77d4 10.2/RPMS/apache2-mod_cache-2.0.53-9.2.102mdk.i586.rpm
39d5a0f538314926bc186071ca647425 10.2/RPMS/apache2-mod_dav-2.0.53-9.2.102mdk.i586.rpm
28226ee4f14f57a41dbbd91d83e9fdab 10.2/RPMS/apache2-mod_deflate-2.0.53-9.2.102mdk.i586.rpm
c252d21e6bcd0145152252f3f425aac4 10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.2.102mdk.i586.rpm
01bcf1dad802d65b8b4286f757561a0a 10.2/RPMS/apache2-mod_file_cache-2.0.53-9.2.102mdk.i586.rpm
c96c60e2f826aa9b6f1d639964541fd9 10.2/RPMS/apache2-mod_ldap-2.0.53-9.2.102mdk.i586.rpm
987c814d31bb5a7ef93d66902dfadbb4 10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.2.102mdk.i586.rpm
716e0be8b6f25d115b5ee01b5420db12 10.2/RPMS/apache2-mod_proxy-2.0.53-9.2.102mdk.i586.rpm
dd81510cb09113cdf2f9bc4acb4d4b1a 10.2/RPMS/apache2-mod_ssl-2.0.53-8.2.102mdk.i586.rpm
b9d81d6c8b1dcd45ae703b4507bdd3ac 10.2/RPMS/apache2-modules-2.0.53-9.2.102mdk.i586.rpm
51cb7958b2889d397d8d60d7f9a90a1b 10.2/RPMS/apache2-peruser-2.0.53-9.2.102mdk.i586.rpm
836bd59908b4db2796320ea09f5412a3 10.2/RPMS/apache2-source-2.0.53-9.2.102mdk.i586.rpm
d7d0f19642a1385224efc128d8081349 10.2/RPMS/apache2-worker-2.0.53-9.2.102mdk.i586.rpm
8a16e42b311c162399f3ae97d0744bbc 10.2/SRPMS/apache2-2.0.53-9.2.102mdk.src.rpm
9a0a2bd52a58f0ef58c5b0801487087a 10.2/SRPMS/apache2-mod_ssl-2.0.53-8.2.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
2da8a90a9b91e7428f87682ea11c18f0 x86_64/10.2/RPMS/apache2-2.0.53-9.2.102mdk.x86_64.rpm
e6242e8e02054a42492a981c11ac0c75 x86_64/10.2/RPMS/apache2-common-2.0.53-9.2.102mdk.x86_64.rpm
f6588bf6413735ead6f1f711fc8fa5ef x86_64/10.2/RPMS/apache2-devel-2.0.53-9.2.102mdk.x86_64.rpm
6cdd4bde0e62373d0348b998b485a7c9 x86_64/10.2/RPMS/apache2-manual-2.0.53-9.2.102mdk.x86_64.rpm
bb1a0816904d1676b7607412fd1e8f96 x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.2.102mdk.x86_64.rpm
bc363f2c9b88261a3c5b02c15d0602a5 x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.2.102mdk.x86_64.rpm
4c7b1e938461c2919637fab4a56c1385 x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.2.102mdk.x86_64.rpm
8c4c5dace9c2c938a42cb6b9e6b5632f x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.2.102mdk.x86_64.rpm
5a80b6838b2c801b2542aaacf2530767 x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.2.102mdk.x86_64.rpm
b7d2919c2c7aae6af042ee49f5cf02e6 x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.2.102mdk.x86_64.rpm
607abd1359be2164b57e4b9c69f8cc4f x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.2.102mdk.x86_64.rpm
a676736f1b21bd03cacca254b2ede632 x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.2.102mdk.x86_64.rpm
2c771caff3e1d1d51a9b92b97fffd3c4 x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.2.102mdk.x86_64.rpm
5fd1df0e98c9e8216063b5445f0f7793 x86_64/10.2/RPMS/apache2-modules-2.0.53-9.2.102mdk.x86_64.rpm
45fbea3de4bcf57d751cc277d1ab4894 x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.2.102mdk.x86_64.rpm
344afa889c8eb9600f6a5c3064a12637 x86_64/10.2/RPMS/apache2-source-2.0.53-9.2.102mdk.x86_64.rpm
12f27ff5da9f84cfc21880bc241fad43 x86_64/10.2/RPMS/apache2-worker-2.0.53-9.2.102mdk.x86_64.rpm
8a16e42b311c162399f3ae97d0744bbc x86_64/10.2/SRPMS/apache2-2.0.53-9.2.102mdk.src.rpm
9a0a2bd52a58f0ef58c5b0801487087a x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.2.102mdk.src.rpm

Multi Network Firewall 2.0:

Corporate 3.0:

Corporate 3.0/X86_64:


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Moderate: exim security update
Advisory ID: RHSA-2005:358-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-358.html
Issue date: 2005-09-08
Updated on: 2005-09-08
Product: Red Hat Enterprise Linux
Cross references: RHSA-2005:761
CVE Names: CAN-2005-2491


1. Summary:

Updated exim packages that fix a security issue in PCRE and a bug in the free space computation on large file systems are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.

An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within Exim. A local user could create a maliciously crafted regular expression in such a way that they could gain the privileges of the 'exim' user. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2491 to this issue. These erratum packages change Exim to use the system PCRE library instead of the internal one.

These packages also fix a minor flaw where the Exim Monitor was incorrectly computing free space on very large file systems.

Users should upgrade to these erratum packages and also ensure they have updated the system PCRE library, for which erratum packages are available separately in RHSA-2005:761.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166332 - CAN-2005-2491 PCRE heap overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Moderate: pcre security update
Advisory ID: RHSA-2005:761-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-761.html
Issue date: 2005-09-08
Updated on: 2005-09-08
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2491


1. Summary:

Updated pcre packages are now available to correct a security issue.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PCRE is a Perl-compatible regular expression library.

An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2491 to this issue.

The security impact of this issue varies depending on the way that applications make use of PCRE. For example, the Apache web server uses the system PCRE library in order to parse regular expressions, but this flaw would only allow a user who already has the ability to write .htaccess files to gain 'apache' privileges. For applications supplied with Red Hat Enterprise Linux, a maximum security impact of moderate has been assigned.

Users should update to these erratum packages that contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

After updating you will need to restart all services that use the system PCRE library. This can be done manually or by rebooting your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166330 - CAN-2005-2491 PCRE heap overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Slackware Linux

[slackware-security] kcheckpass in kdebase (SSA:2005-251-01)

New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected. A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges.

For more details about the issue, see:

http://www.kde.org/info/security/advisory-20050905-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/kdebase-3.3.2-i486-2.tgz: Patched a security bug in kcheckpass that could allow a local user to gain root privileges. For more information, see:
    http://www.kde.org/info/security/advisory-20050905-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
(* Security fix *)
+--------------------------+

Where to find the new package:

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdebase-3.2.3-i486-3.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdebase-3.3.2-i486-2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdebase-3.4.2-i486-2.tgz

MD5 signatures:

Slackware 10.0 package:
89cbad3536bbfba273b2ae77a097ce89 kdebase-3.2.3-i486-3.tgz

Slackware 10.1 package:
6d2d8c96dc1f5b209b5eb35425ae7952 kdebase-3.3.2-i486-2.tgz

Slackware -current package:
8b7066a01eb25a8b846d2ac9a5de85e2 kdebase-3.4.2-i486-2.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg kdebase-3.3.2-i486-2.tgz

+-----+

[slackware-security] mod_ssl (SSA:2005-251-02)

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. If "SSLVerifyClient optional" was configured in the global section of the config file, it could improperly override "SSLVerifyClient require" in a per-location section.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/mod_ssl-2.8.24_1.3.33-i486-1.tgz: Upgraded to mod_ssl-2.8.24-1.3.33. From the CHANGES file:
Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was not enforced in per-location context if "SSLVerifyClient optional" was configured in the global virtual host configuration.
For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.24_1.3.33-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.24_1.3.33-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.24_1.3.33-i486-1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mod_ssl-2.8.24_1.3.33-i486-1.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mod_ssl-2.8.24_1.3.33-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.24_1.3.33-i486-1.tgz

MD5 signatures:

Slackware 8.1 package:
469f8428c07cd2e737e5937ec15d5493 mod_ssl-2.8.24_1.3.33-i386-1.tgz

Slackware 9.0 package:
3aec2d3362e320655801d3c96b6e0a65 mod_ssl-2.8.24_1.3.33-i386-1.tgz

Slackware 9.1 package:
d6e3e52c94a07720804f11a8b6ae637f mod_ssl-2.8.24_1.3.33-i486-1.tgz

Slackware 10.0 package:
cc304adec35e4fe0aa998dfb4033c480 mod_ssl-2.8.24_1.3.33-i486-1.tgz

Slackware 10.1 package:
4c2da461e7fec6fac6a392b18ca67717 mod_ssl-2.8.24_1.3.33-i486-1.tgz

Slackware -current package:
588e2f479a46fcb149b964d4fc747a78 mod_ssl-2.8.24_1.3.33-i486-1.tgz

Installation instructions:

First, stop apache:

# apachectl stop

The upgrade should save the important config files for mod_ssl; nevertheless, it's a good idea to back up any keys/certificates you wish to save for mod_ssl (in /etc/apache/ssl.*), then upgrade mod_ssl:

# upgradepkg mod_ssl-2.8.24_1.3.33-i486-1.tgz

If necessary, restore any mod_ssl config files.

Finally, restart apache:

# apachectl startssl
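
The configuration pattern described in this advisory can be looked for in an existing Apache configuration, to see which sections depended on the enforcement that the upgrade restores. The following is an added example, not part of the Slackware advisory or of mod_ssl: a Python audit that lists per-location sections whose "SSLVerifyClient require" sits under a server-level "SSLVerifyClient optional". The sample configuration, the function names and the set of section types treated as per-location are assumptions made for the illustration.

```python
import re
from collections import namedtuple

# Constructed sample httpd.conf fragment for illustration (not from the advisory).
SAMPLE_CONF = """\
# main server
SSLVerifyClient optional
SSLVerifyDepth 2

<Location /public>
    SSLVerifyClient none
</Location>

<Location /admin>
    SSLVerifyClient require
</Location>

<VirtualHost _default_:443>
    SSLEngine on
    <Directory "/var/www/htdocs/secure">
        SSLVerifyClient require
    </Directory>
</VirtualHost>

<VirtualHost 192.0.2.10:443>
    SSLVerifyClient none
    <Location /certs-only>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

Finding = namedtuple("Finding", "server section line optional_line")

OPEN = re.compile(r"^<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"^</\s*\w+\s*>$")
# Section types treated as "per-location" context (assumption for this example).
PER_DIR = {"location", "locationmatch", "directory", "directorymatch",
           "files", "filesmatch"}


def collect(conf_text):
    """Return (server_level, per_dir) SSLVerifyClient settings with line numbers."""
    stack = []          # open sections as (name, args), outermost first
    server_level = {}   # server label -> (value, line)
    per_dir = []        # (server label, section label, value, line)
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        opened = OPEN.match(line)
        if opened:
            stack.append((opened.group(1), opened.group(2)))
            continue
        parts = line.split()
        if parts[0].lower() != "sslverifyclient" or len(parts) < 2:
            continue
        value = parts[1].lower()
        server = next((f"VirtualHost {a}" for n, a in stack
                       if n.lower() == "virtualhost"), "main server")
        sections = [f"{n} {a}" for n, a in stack if n.lower() in PER_DIR]
        if sections:
            per_dir.append((server, sections[-1], value, lineno))
        else:
            # Also covers directives wrapped in <IfModule>/<IfDefine>.
            server_level[server] = (value, lineno)
    return server_level, per_dir


def find_affected_sections(conf_text):
    """List per-location 'require' settings under a server-level 'optional'."""
    server_level, per_dir = collect(conf_text)
    main = server_level.get("main server")
    findings = []
    for server, section, value, lineno in per_dir:
        if value != "require":
            continue
        # A virtual host without its own setting inherits the main server's.
        effective = server_level.get(server, main)
        if effective and effective[0] == "optional":
            findings.append(Finding(server, section, lineno, effective[1]))
    return findings


if __name__ == "__main__":
    for f in find_affected_sections(SAMPLE_CONF):
        print(f"{f.server}: <{f.section}> line {f.line} requires a client "
              f"certificate under 'optional' set at line {f.optional_line}")
```

Sections it reports are the ones to re-test with a certificate-less client once the upgraded mod_ssl is running.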

+-----+

[slackware-security] php5 in Slackware 10.1 (SSA:2005-251-04)

A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PCRE code, and PEAR::XMLRPC has been upgraded to version 1.4.0, which eliminates the eval() function. The eval() function is believed to be insecure as implemented, and would be difficult to secure.

Note that this new package now requires that the PCRE package be installed, so be sure to get the new package from the patches/packages/ directory if you don't already have it.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
testing/packages/php-5.0.5/php-5.0.5-i486-1.tgz: Upgraded to php-5.0.5, which fixes security issues with XML-RPC and PCRE. This new package now links with the system's shared PCRE library, so be sure you have the new PCRE package from patches/packages/ installed.
Ordinarily packages in /testing are not considered supported, but several people have written to say that they are using php5 from /testing in a production environment and would like to see an updated package, so here it is. The package in /testing was replaced in /testing rather than putting it under /patches to avoid any problems with automatic upgrade tools replacing php-4 packages with this one.
For more information on the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
+--------------------------+

Where to find the new package:

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/testing/packages/php-5.0.5/php-5.0.5-i486-1.tgz

MD5 signature:

Slackware 10.1 package:
8926968bdfa8bd2103048bd2c21ad07c php-5.0.5-i486-1.tgz

Installation instructions:

First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-5.0.5-i486-1.tgz

Finally, restart apache:
# apachectl start (or: apachectl startssl)

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com


