dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Mandrakelinux Advisories: XFree86, apache2, libxpm4, cups

Sep 16, 2004, 16:44 (0 Talkback[s])

Mandrakelinux Security Update Advisory


Package name: XFree86
Advisory ID: MDKSA-2004:099
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1


Problem Description:

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86:

Stack overflows (CAN-2004-0687):

Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c).

Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c).

Integer Overflows (CAN-2004-0688):

Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence.

The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688


Updated Packages:

Mandrakelinux 10.0:
9d1e991a5dbfc681a5c87fd79b561296 10.0/RPMS/libxfree86-4.3-32.2.100mdk.i586.rpm
5b767743ea9fea956ba9dc083bc10c25 10.0/RPMS/libxfree86-devel-4.3-32.2.100mdk.i586.rpm
c658bbabc5e4e0ec5922c3953a87b3ad 10.0/RPMS/libxfree86-static-devel-4.3-32.2.100mdk.i586.rpm
cd19a71edc31e8db8f3e18f79f05089c 10.0/RPMS/XFree86-100dpi-fonts-4.3-32.2.100mdk.i586.rpm
48e02a5d891f5eced5ce66e59cf1eb92 10.0/RPMS/XFree86-4.3-32.2.100mdk.i586.rpm
7e8d4c0d5d2c06c349d979f878d06904 10.0/RPMS/XFree86-75dpi-fonts-4.3-32.2.100mdk.i586.rpm
e5943ade51bbb53aa4988e51d7f55e21 10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.2.100mdk.i586.rpm
73b4c3cca0af8beeed2dc8ea2af9328d 10.0/RPMS/XFree86-doc-4.3-32.2.100mdk.i586.rpm
8abff89792decf4563d20e3298def8f5 10.0/RPMS/XFree86-glide-module-4.3-32.2.100mdk.i586.rpm
3ea82bc33e519546877a39a733c9c417 10.0/RPMS/XFree86-server-4.3-32.2.100mdk.i586.rpm
3a5aa6b83350355d2487da6c289fbd08 10.0/RPMS/XFree86-xfs-4.3-32.2.100mdk.i586.rpm
c39d5eb61d33fe7a95f4d87a4acb25dd 10.0/RPMS/XFree86-Xnest-4.3-32.2.100mdk.i586.rpm
fcf0d59a1c31ae4b719eccc11b13e9dd 10.0/RPMS/XFree86-Xvfb-4.3-32.2.100mdk.i586.rpm
541b2b34e491e0d9c2b115a41544de79 10.0/SRPMS/XFree86-4.3-32.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
541b2b34e491e0d9c2b115a41544de79 amd64/10.0/SRPMS/XFree86-4.3-32.2.100mdk.src.rpm
cd6132b03458466a2562c3a30b168502 amd64/10.0/RPMS/XFree86-4.3-32.2.100mdk.amd64.rpm
a5ba7f7dc4e7a2edb0f6ec096e5a6759 amd64/10.0/RPMS/lib64xfree86-4.3-32.2.100mdk.amd64.rpm
c5a57adf7640982f3808c5db00338b88 amd64/10.0/RPMS/lib64xfree86-devel-4.3-32.2.100mdk.amd64.rpm
e4050b67d3450e6f429cd6dd59b11669 amd64/10.0/RPMS/lib64xfree86-static-devel-4.3-32.2.100mdk.amd64.rpm
08db9659e9b8333a3c5a32b90548c688 amd64/10.0/RPMS/XFree86-100dpi-fonts-4.3-32.2.100mdk.amd64.rpm
ddf14101db0b5acbf124c61a2279b54f amd64/10.0/RPMS/XFree86-75dpi-fonts-4.3-32.2.100mdk.amd64.rpm
22546ddc6d53b46103949a846148c5a2 amd64/10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.2.100mdk.amd64.rpm
1ceb7bab20d5d86eb5bf1dd46e4d5022 amd64/10.0/RPMS/XFree86-doc-4.3-32.2.100mdk.amd64.rpm
e5ecd7a77dd8114f2b01dc1829d82b88 amd64/10.0/RPMS/XFree86-server-4.3-32.2.100mdk.amd64.rpm
dcd5c36b070a69b7bab557bebe4308a9 amd64/10.0/RPMS/XFree86-xfs-4.3-32.2.100mdk.amd64.rpm
02554ec8f462a953290b29376e8da9e2 amd64/10.0/RPMS/XFree86-Xnest-4.3-32.2.100mdk.amd64.rpm
59ea3335b10ee14f9d0ea5f032c431f1 amd64/10.0/RPMS/XFree86-Xvfb-4.3-32.2.100mdk.amd64.rpm

Corporate Server 2.1:
e901f65d94c28271b5be9719bcaa530c corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.10.C21mdk.i586.rpm
e2a80f62dd03b6c797b4f0685dac1eb8 corporate/2.1/RPMS/XFree86-4.2.1-6.10.C21mdk.i586.rpm
571c788226230893eb27e4b319d42825 corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.10.C21mdk.i586.rpm
be85eb20f3837a76d888e92005b060d1 corporate/2.1/RPMS/XFree86-devel-4.2.1-6.10.C21mdk.i586.rpm
2a51ed329cca3879f8ac1328296538de corporate/2.1/RPMS/XFree86-libs-4.2.1-6.10.C21mdk.i586.rpm
ec5088dbe7e9c8be7eca4a55c8bcf018 corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.10.C21mdk.i586.rpm
6ecc6e0db8325b2b7f2e257a5f9baba3 corporate/2.1/RPMS/XFree86-doc-4.2.1-6.10.C21mdk.i586.rpm
0fae2859fa0695ac0fd59af01a7a4975 corporate/2.1/RPMS/XFree86-server-4.2.1-6.10.C21mdk.i586.rpm
044b2a9c5d8bae6ed2013035b2a19f53 corporate/2.1/RPMS/XFree86-glide-module-4.2.1-6.10.C21mdk.i586.rpm
7d54ae278a123aee0e5480498f06b18e corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.10.C21mdk.i586.rpm
2fddac60e1c86c090e67793d657f09b0 corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.10.C21mdk.i586.rpm
4a1096b9dbfdf3e2d98f5de321142bef corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.10.C21mdk.i586.rpm
cc7253cdac6b100cfea47db75b53296e corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.10.C21mdk.i586.rpm
19b7b5aee7498c1435228b907ef07e1f corporate/2.1/SRPMS/XFree86-4.2.1-6.10.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
75126a161c6dedbb937b4c28de45e20c x86_64/corporate/2.1/RPMS/XFree86-static-libs-4.2.1-6.10.C21mdk.x86_64.rpm
95cd8c0e294e5a0655a1722bbb25cd71 x86_64/corporate/2.1/RPMS/XFree86-devel-4.2.1-6.10.C21mdk.x86_64.rpm
553c5ec3dd448f6a32b1198835c65e14 x86_64/corporate/2.1/RPMS/XFree86-doc-4.2.1-6.10.C21mdk.x86_64.rpm
e91ccaa84852b400bc110a7a3bc84b24 x86_64/corporate/2.1/RPMS/XFree86-xfs-4.2.1-6.10.C21mdk.x86_64.rpm
de7cbc373a397f010f64fe9aaea3e7d3 x86_64/corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.10.C21mdk.x86_64.rpm
1b1f3599513d2c89574334d5abec5ad6 x86_64/corporate/2.1/RPMS/XFree86-4.2.1-6.10.C21mdk.x86_64.rpm
4f35485ddf62ec642794ba055e20ad2e x86_64/corporate/2.1/RPMS/XFree86-75dpi-fonts-4.2.1-6.10.C21mdk.x86_64.rpm
fa490c6542356985b29479862a37e14f x86_64/corporate/2.1/RPMS/XFree86-cyrillic-fonts-4.2.1-6.10.C21mdk.x86_64.rpm
b60c8ed666900e0d5e44ede1be911e0a x86_64/corporate/2.1/RPMS/XFree86-libs-4.2.1-6.10.C21mdk.x86_64.rpm
ffdce4cde212e7dc3d6d3f9adca260e2 x86_64/corporate/2.1/RPMS/XFree86-server-4.2.1-6.10.C21mdk.x86_64.rpm
7600253361f2117ab96b2566118df7e0 x86_64/corporate/2.1/RPMS/XFree86-Xnest-4.2.1-6.10.C21mdk.x86_64.rpm
bacae02d0b5e390f9de780f9595f387b x86_64/corporate/2.1/RPMS/XFree86-Xvfb-4.2.1-6.10.C21mdk.x86_64.rpm
19b7b5aee7498c1435228b907ef07e1f x86_64/corporate/2.1/SRPMS/XFree86-4.2.1-6.10.C21mdk.src.rpm

Mandrakelinux 9.2:
4e0e127b08d5c09c28d6cc0b7511237f 9.2/RPMS/libxfree86-4.3-24.5.92mdk.i586.rpm
aa610b35928b997da0dd04f779baa00a 9.2/RPMS/libxfree86-devel-4.3-24.5.92mdk.i586.rpm
c15f9b375f7f2f951eced437c6fc4450 9.2/RPMS/XFree86-100dpi-fonts-4.3-24.5.92mdk.i586.rpm
ce94240859b48fe3ee551066e153016f 9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.5.92mdk.i586.rpm
4a4d6f1030b15c93edf87260725155a7 9.2/RPMS/XFree86-xfs-4.3-24.5.92mdk.i586.rpm
b67a24abf69d45d9fcd5ba65b83bd793 9.2/RPMS/libxfree86-static-devel-4.3-24.5.92mdk.i586.rpm
a5be699ad2b5097253314c2ee25b1557 9.2/RPMS/XFree86-75dpi-fonts-4.3-24.5.92mdk.i586.rpm
ac6ae823cb9981af067ae7d53db93e50 9.2/RPMS/XFree86-glide-module-4.3-24.5.92mdk.i586.rpm
1663c6d77b048451d11c614630f3c920 9.2/RPMS/XFree86-4.3-24.5.92mdk.i586.rpm
9908c0df16c2faf76d2037517eb7af0c 9.2/RPMS/XFree86-doc-4.3-24.5.92mdk.i586.rpm
8e267dbed6a6415a034202c756dc0887 9.2/RPMS/XFree86-server-4.3-24.5.92mdk.i586.rpm
30f0b05257278ff6f5b7ade1d5984fb5 9.2/RPMS/XFree86-Xnest-4.3-24.5.92mdk.i586.rpm
06236e20e91dd247e7d5458dc10773ca 9.2/RPMS/XFree86-Xvfb-4.3-24.5.92mdk.i586.rpm
eed1932ba7d07b3f7a3e93f6fc101e22 9.2/SRPMS/XFree86-4.3-24.5.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
4a1cf11b06553f00492f6080976dbf71 amd64/9.2/RPMS/lib64xfree86-devel-4.3-24.5.92mdk.amd64.rpm
5a5a3704b1cbc3765264ca9c402f87f4 amd64/9.2/RPMS/XFree86-4.3-24.5.92mdk.amd64.rpm
50d13b476df1d933c0f579f8ccd546ea amd64/9.2/RPMS/lib64xfree86-4.3-24.5.92mdk.amd64.rpm
f3f12bd4da52199c41ac585fcfc0f979 amd64/9.2/RPMS/lib64xfree86-static-devel-4.3-24.5.92mdk.amd64.rpm
1eb4a6f947e53c796af52e06c84298d3 amd64/9.2/RPMS/XFree86-100dpi-fonts-4.3-24.5.92mdk.amd64.rpm
dbf3c10a52bf88036be7310f32f28e8c amd64/9.2/RPMS/XFree86-75dpi-fonts-4.3-24.5.92mdk.amd64.rpm
37411c4ffe974ef9b0f09b308b4ffd3d amd64/9.2/RPMS/XFree86-cyrillic-fonts-4.3-24.5.92mdk.amd64.rpm
5024f50ce4d3e0ca45828c5488477e2a amd64/9.2/RPMS/XFree86-doc-4.3-24.5.92mdk.amd64.rpm
434106b2719763a1a7c25d4dec468eb4 amd64/9.2/RPMS/XFree86-server-4.3-24.5.92mdk.amd64.rpm
bb887cf687422a1f1c99e49493b17dc8 amd64/9.2/RPMS/XFree86-xfs-4.3-24.5.92mdk.amd64.rpm
0f6aca5dea8d35457082965970c6da4a amd64/9.2/RPMS/XFree86-Xnest-4.3-24.5.92mdk.amd64.rpm
5fb4470b9052cc0df15333d240c0350d amd64/9.2/RPMS/XFree86-Xvfb-4.3-24.5.92mdk.amd64.rpm
eed1932ba7d07b3f7a3e93f6fc101e22 amd64/9.2/SRPMS/XFree86-4.3-24.5.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team


Mandrakelinux Security Update Advisory


Package name: apache2
Advisory ID: MDKSA-2004:096
Date: September 15th, 2004
Affected versions: 10.0, 9.2


Problem Description:

Two Denial of Service conditions were discovered in the input filter of mod_ssl, the module that enables apache to handle HTTPS requests.

Another vulnerability was discovered by the ASF security team using the Codenomicon HTTP Test Tool. This vulnerability, in the apr-util library, can possibly lead to arbitray code execution if certain non-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK define).

As well, the SITIC have discovered a buffer overflow when Apache expands environment variables in configuration files such as .htaccess and httpd.conf, which can lead to possible privilege escalation. This can only be done, however, if an attacker is able to place malicious configuration files on the server.

Finally, a crash condition was discovered in the mod_dav module by Julian Reschke, where sending a LOCK refresh request to an indirectly locked resource could crash the server.

The updated packages have been patched to protect against these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786
http://www.uniras.gov.uk/vuls/2004/403518/index.htm


Updated Packages:

Mandrakelinux 10.0:
577abf316e5d985744e3a55c00ba1ed3 10.0/RPMS/apache2-2.0.48-6.6.100mdk.i586.rpm
0f57531ce5bfd8034f1d485d55a8dc36 10.0/RPMS/apache2-common-2.0.48-6.6.100mdk.i586.rpm
8931749f97b852f34500348a4d1f3ae0 10.0/RPMS/apache2-devel-2.0.48-6.6.100mdk.i586.rpm
abd6661337d00c261462d9dc4a7e7a27 10.0/RPMS/apache2-manual-2.0.48-6.6.100mdk.i586.rpm
d4ece1caa7d12cdcad37fc179a3a507a 10.0/RPMS/apache2-mod_cache-2.0.48-6.6.100mdk.i586.rpm
b33b960cc734861a8b12f157c2754d37 10.0/RPMS/apache2-mod_dav-2.0.48-6.6.100mdk.i586.rpm
c49321208ca8c4e3f867acf481b56aea 10.0/RPMS/apache2-mod_deflate-2.0.48-6.6.100mdk.i586.rpm
f03a0281374080c36351c6994ca83fef 10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.6.100mdk.i586.rpm
e6d2e946c1a4006d7da12e0d4970efdf 10.0/RPMS/apache2-mod_file_cache-2.0.48-6.6.100mdk.i586.rpm
4b121a7f3ac76c4d6d47b3b2dd303afc 10.0/RPMS/apache2-mod_ldap-2.0.48-6.6.100mdk.i586.rpm
fabdc95624a9d4863ce6a0773ba41769 10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.6.100mdk.i586.rpm
386f4203719e4dbed7ec22c2b2416a6f 10.0/RPMS/apache2-mod_proxy-2.0.48-6.6.100mdk.i586.rpm
39fb6ee3fb9a25fe9fef386b10908300 10.0/RPMS/apache2-mod_ssl-2.0.48-6.6.100mdk.i586.rpm
8769f679dd2ff3fbc61a8d53bf7e1e95 10.0/RPMS/apache2-modules-2.0.48-6.6.100mdk.i586.rpm
22cdca5e2d82338cd0cf9fb2494f93e5 10.0/RPMS/apache2-source-2.0.48-6.6.100mdk.i586.rpm
6110769acb534f25eb2eca0240dc59c0 10.0/RPMS/libapr0-2.0.48-6.6.100mdk.i586.rpm
a95799fa3e80c91b9c213e6938894004 10.0/SRPMS/apache2-2.0.48-6.6.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
6147e89235b66d584b49aa29b1bdd48f amd64/10.0/RPMS/apache2-2.0.48-6.6.100mdk.amd64.rpm
43227a23672e9e794ab9c2fdbfdc29af amd64/10.0/RPMS/apache2-common-2.0.48-6.6.100mdk.amd64.rpm
0f4a26910cb8d3cef4f0c6990e2dd89a amd64/10.0/RPMS/apache2-devel-2.0.48-6.6.100mdk.amd64.rpm
939b4a808c3d4d4aeec7353873fe70d2 amd64/10.0/RPMS/apache2-manual-2.0.48-6.6.100mdk.amd64.rpm
636cb8f74e0fd9955924de1b8c9bcd33 amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.6.100mdk.amd64.rpm
84440eadc0ca8e45caf80cc1c5a110ec amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.6.100mdk.amd64.rpm
bb8fc55c43ed023f41b2c9134b22112b amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.6.100mdk.amd64.rpm
059c1ded4088a77ca1379b37bf488d8a amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.6.100mdk.amd64.rpm
21e5578866e52cafb66a8810b80bb8ee amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.6.100mdk.amd64.rpm
b772fc49e45ba69cf54befd0c43b0478 amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.6.100mdk.amd64.rpm
8ab329afc0a8114022c2989f0da114e5 amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.6.100mdk.amd64.rpm
3dd9a74509e65083895a38a40b5737e8 amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.6.100mdk.amd64.rpm
dd8c9c7a029a409f1a9c0498e9bdb0d4 amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.6.100mdk.amd64.rpm
9823808a0fd99a4285a742bc843f2a7f amd64/10.0/RPMS/apache2-modules-2.0.48-6.6.100mdk.amd64.rpm
6a801d9aa2cd2b4b2702541a29b21adc amd64/10.0/RPMS/apache2-source-2.0.48-6.6.100mdk.amd64.rpm
c5b670cc38bfe405e581a4d82bfbc49d amd64/10.0/RPMS/lib64apr0-2.0.48-6.6.100mdk.amd64.rpm
a95799fa3e80c91b9c213e6938894004 amd64/10.0/SRPMS/apache2-2.0.48-6.6.100mdk.src.rpm

Mandrakelinux 9.2:
a5022c41292c79824da685f40a84088f 9.2/RPMS/apache2-2.0.47-6.9.92mdk.i586.rpm
f7bb47cfbaaed2b59cb75c1fd19334ba 9.2/RPMS/apache2-common-2.0.47-6.9.92mdk.i586.rpm
1f71d90ac568f5e8f6ab1dfaa98cf4c3 9.2/RPMS/apache2-devel-2.0.47-6.9.92mdk.i586.rpm
5494d0648be5a27178b810980cb7f3e8 9.2/RPMS/apache2-manual-2.0.47-6.9.92mdk.i586.rpm
42f46e37fe2242947dceda9e0455bdfc 9.2/RPMS/apache2-mod_cache-2.0.47-6.9.92mdk.i586.rpm
70b913fa54ddcfa696c1bd4251a79945 9.2/RPMS/apache2-mod_dav-2.0.47-6.9.92mdk.i586.rpm
5000116dac10fd53b04153b7380528a9 9.2/RPMS/apache2-mod_deflate-2.0.47-6.9.92mdk.i586.rpm
102a388f55bc59ad824e94913893bb97 9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.9.92mdk.i586.rpm
4e80f75066f180226812ab89256ed651 9.2/RPMS/apache2-mod_file_cache-2.0.47-6.9.92mdk.i586.rpm
67c4d53ee756149485ee98fb4a0a3f98 9.2/RPMS/apache2-mod_ldap-2.0.47-6.9.92mdk.i586.rpm
5d33dc3247dee2d598534564245534e7 9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.9.92mdk.i586.rpm
82d6c628240e4529555f5234f61ae465 9.2/RPMS/apache2-mod_proxy-2.0.47-6.9.92mdk.i586.rpm
162af1842efde8e25cee655c9a6074d8 9.2/RPMS/apache2-mod_ssl-2.0.47-6.9.92mdk.i586.rpm
57cfc8ec7a4f0748df2512a8cab871c1 9.2/RPMS/apache2-modules-2.0.47-6.9.92mdk.i586.rpm
d2b611bd99ed5f0de8a211058ea5c9b3 9.2/RPMS/apache2-source-2.0.47-6.9.92mdk.i586.rpm
732529e90ba322a1af3e8cc52ed3b35d 9.2/RPMS/libapr0-2.0.47-6.9.92mdk.i586.rpm
0a407de570da4a4fa87f0ff01209e6cb 9.2/SRPMS/apache2-2.0.47-6.9.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
d38ea5529d580f08fd41e5d60e0e27f3 amd64/9.2/RPMS/apache2-2.0.47-6.9.92mdk.amd64.rpm
71b971bfa2ee3c9892c474b52d25d013 amd64/9.2/RPMS/apache2-common-2.0.47-6.9.92mdk.amd64.rpm
271807bfedd2e488fe8612c1eeac884c amd64/9.2/RPMS/apache2-devel-2.0.47-6.9.92mdk.amd64.rpm
956499b5a87b862eba2a6cad34acbe73 amd64/9.2/RPMS/apache2-manual-2.0.47-6.9.92mdk.amd64.rpm
385ba3c32e876db596afddc5e6115904 amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.9.92mdk.amd64.rpm
7ae05ee04cb1a28e028fd6bae59ba2e8 amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.9.92mdk.amd64.rpm
7c2a5dce49f994d8535344e284342a84 amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.9.92mdk.amd64.rpm
43540961c80877d932bbb71a21be2e96 amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.9.92mdk.amd64.rpm
1a0333f97501803238053c8bf0d1a536 amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.9.92mdk.amd64.rpm
df9db8eda897070aa85b9c39552ec353 amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.9.92mdk.amd64.rpm
bda589312c97917e3febd6315d403533 amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.9.92mdk.amd64.rpm
93c3f05ab21020651aa2f3ec8dee77eb amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.9.92mdk.amd64.rpm
0184016e442847ca432a78ee488c14da amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.9.92mdk.amd64.rpm
2e73a720242ea4010cc783afd8eb30d8 amd64/9.2/RPMS/apache2-modules-2.0.47-6.9.92mdk.amd64.rpm
e33488dc979fc75ff33e82b4749ac87e amd64/9.2/RPMS/apache2-source-2.0.47-6.9.92mdk.amd64.rpm
cc7bc30bd8cc09da849d981701a96f6c amd64/9.2/RPMS/lib64apr0-2.0.47-6.9.92mdk.amd64.rpm
0a407de570da4a4fa87f0ff01209e6cb amd64/9.2/SRPMS/apache2-2.0.47-6.9.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team


Mandrakelinux Security Update Advisory


Package name: libxpm4
Advisory ID: MDKSA-2004:098
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1


Problem Description:

Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 (from which the libxpm code is derived):

Stack overflows (CAN-2004-0687):

Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c).

Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c).

Integer Overflows (CAN-2004-0688):

Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence.

The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688


Updated Packages:

Mandrakelinux 10.0:
b04f06bcbb1d68a0bb5a27a3409ab695 10.0/RPMS/libxpm4-3.4k-27.1.100mdk.i586.rpm
674d40df87b997be5be5b63088cc25f1 10.0/RPMS/libxpm4-devel-3.4k-27.1.100mdk.i586.rpm
6f384448d85afd56100e68608d307536 10.0/SRPMS/xpm-3.4k-27.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
6f384448d85afd56100e68608d307536 amd64/10.0/SRPMS/xpm-3.4k-27.1.100mdk.src.rpm
6fed4973b8a0f06a78176b35069d39d3 amd64/10.0/RPMS/lib64xpm4-3.4k-27.1.100mdk.amd64.rpm
72b965c6dbf0d3cdc437405c18c8d658 amd64/10.0/RPMS/lib64xpm4-devel-3.4k-27.1.100mdk.amd64.rpm

Corporate Server 2.1:
09d95b236c8bbe18e64a521c91edecea corporate/2.1/RPMS/libxpm4-3.4k-21.1.C21mdk.i586.rpm
f95679273cc924ceb8343f5abb637bbf corporate/2.1/RPMS/libxpm4-devel-3.4k-21.1.C21mdk.i586.rpm
93b631321701b3309cf47ca62f92b2b2 corporate/2.1/SRPMS/xpm-3.4k-21.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
a98d3ac4aca9d273aec7d0df7affd389 x86_64/corporate/2.1/RPMS/libxpm4-3.4k-21.1.C21mdk.x86_64.rpm
d6aa250f8bb892ccc48e914085e8472f x86_64/corporate/2.1/RPMS/libxpm4-devel-3.4k-21.1.C21mdk.x86_64.rpm
93b631321701b3309cf47ca62f92b2b2 x86_64/corporate/2.1/SRPMS/xpm-3.4k-21.1.C21mdk.src.rpm

Mandrakelinux 9.2:
8d9a613ad0d381e0da4ea8b455dc81ef 9.2/RPMS/libxpm4-3.4k-27.1.92mdk.i586.rpm
f279c6c59dec9a85bc6d209931b2d9b1 9.2/RPMS/libxpm4-devel-3.4k-27.1.92mdk.i586.rpm
ae0fa1a38affc7cdbef9505db0bb8e79 9.2/SRPMS/xpm-3.4k-27.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
5f074ee2a98ebefedd94ce12c481469d amd64/9.2/RPMS/lib64xpm4-3.4k-27.1.92mdk.amd64.rpm
dab19b1fdec00205b18a3d0db64ae7ea amd64/9.2/RPMS/lib64xpm4-devel-3.4k-27.1.92mdk.amd64.rpm
ae0fa1a38affc7cdbef9505db0bb8e79 amd64/9.2/SRPMS/xpm-3.4k-27.1.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team


Mandrakelinux Security Update Advisory


Package name: cups
Advisory ID: MDKSA-2004:097
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1


Problem Description:

Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes.

The updated packages are patched to protect against this vulnerability.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
http://www.cups.org/str.php?L863


Updated Packages:

Mandrakelinux 10.0:
6f786e3ec36e246d7370f492e53e8071 10.0/RPMS/cups-1.1.20-5.1.100mdk.i586.rpm
3b648685e2d6daca32c19f0c911c2a2d 10.0/RPMS/cups-common-1.1.20-5.1.100mdk.i586.rpm
c38951a854429442227c08493ce95b10 10.0/RPMS/cups-serial-1.1.20-5.1.100mdk.i586.rpm
68d867e3151cc40be946f7e6585718b3 10.0/RPMS/libcups2-1.1.20-5.1.100mdk.i586.rpm
73a61738b404f9ffe2f5d33d999c58d8 10.0/RPMS/libcups2-devel-1.1.20-5.1.100mdk.i586.rpm
dbf32babe26d1b9bf922839fd4f64409 10.0/SRPMS/cups-1.1.20-5.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
9dd4e92fa6761ce6414583f3673dab6b amd64/10.0/RPMS/cups-1.1.20-5.1.100mdk.amd64.rpm
e49fdc4df0ab800ad48c24a87117a63f amd64/10.0/RPMS/cups-common-1.1.20-5.1.100mdk.amd64.rpm
ccc5ae05b07c3a56eb30cfe3a95e2aea amd64/10.0/RPMS/cups-serial-1.1.20-5.1.100mdk.amd64.rpm
a816a4ad33164d23d0a5425b900d9ce0 amd64/10.0/RPMS/lib64cups2-1.1.20-5.1.100mdk.amd64.rpm
feeed14726902046368619d8e5f680c4 amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.1.100mdk.amd64.rpm
dbf32babe26d1b9bf922839fd4f64409 amd64/10.0/SRPMS/cups-1.1.20-5.1.100mdk.src.rpm

Corporate Server 2.1:
142f95c8680e081dfbfb53e586de0758 corporate/2.1/RPMS/cups-1.1.18-2.3.C21mdk.i586.rpm
13510fb948f686e81cb0e43ed199a5c9 corporate/2.1/RPMS/cups-common-1.1.18-2.3.C21mdk.i586.rpm
fe7759d16276087aea078a4666d27264 corporate/2.1/RPMS/cups-serial-1.1.18-2.3.C21mdk.i586.rpm
d5a3ad2d14a730b633153bc486f8d043 corporate/2.1/RPMS/libcups1-1.1.18-2.3.C21mdk.i586.rpm
b1ac7b51317da42444ea35e5e3e1def3 corporate/2.1/RPMS/libcups1-devel-1.1.18-2.3.C21mdk.i586.rpm
0cfaa49e8d722afad7886998121a8ef2 corporate/2.1/SRPMS/cups-1.1.18-2.3.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
53d838ecedc3d39880e43476cdba933d x86_64/corporate/2.1/RPMS/cups-1.1.18-2.3.C21mdk.x86_64.rpm
71df87e1abeb7cbf1dff2d206476f149 x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.3.C21mdk.x86_64.rpm
93d9708fbbc34f7ea44b40f193a35bf1 x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.3.C21mdk.x86_64.rpm
4a2d2ace8e2ddf9e29061fff3b0b2e72 x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.3.C21mdk.x86_64.rpm
7edc440141df40c2dbfb814c7221e511 x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.3.C21mdk.x86_64.rpm
0cfaa49e8d722afad7886998121a8ef2 x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.3.C21mdk.src.rpm

Mandrakelinux 9.2:
b46e23e49906b9837f8ff8a2f1551a1a 9.2/RPMS/cups-1.1.19-10.1.92mdk.i586.rpm
41882610ebe7ef19c62d0466a3b856bd 9.2/RPMS/cups-common-1.1.19-10.1.92mdk.i586.rpm
80285eaf595e788bf83cb06c3be6399b 9.2/RPMS/cups-serial-1.1.19-10.1.92mdk.i586.rpm
eeb50273236cab134566e4ba9aa19de7 9.2/RPMS/libcups2-1.1.19-10.1.92mdk.i586.rpm
9eebdc74a019cbf01a36e91cb0f2da38 9.2/RPMS/libcups2-devel-1.1.19-10.1.92mdk.i586.rpm
b2badd330ea284850e42f9107bb178cf 9.2/SRPMS/cups-1.1.19-10.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
bd01da75ac66983321eca2394853eb56 amd64/9.2/RPMS/cups-1.1.19-10.1.92mdk.amd64.rpm
865443156fd350d0b06c1696f923d413 amd64/9.2/RPMS/cups-common-1.1.19-10.1.92mdk.amd64.rpm
78ed4c034ee5fa27b85dd89d909a1a3c amd64/9.2/RPMS/cups-serial-1.1.19-10.1.92mdk.amd64.rpm
7e868f59baa290fbef9f933ac76156ce amd64/9.2/RPMS/lib64cups2-1.1.19-10.1.92mdk.amd64.rpm
db3266a647e39805f0b9f36fa87dcac1 amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.1.92mdk.amd64.rpm
b2badd330ea284850e42f9107bb178cf amd64/9.2/SRPMS/cups-1.1.19-10.1.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team