dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Advisories, August 3, 2005

Aug 04, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux

Debian Security Advisory DSA 772-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 3rd, 2005 http://www.debian.org/security/faq

Package : apt-cacher
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2005-1854

Eduard Bloch discovered a bug in apt-cacher, a caching system for Debian package and source files, that could allow remote attackers to execute arbitrary commands on the caching host as user www-data.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in version 0.9.4sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.9.10.

We recommend that you upgrade your apt-cacher package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:


    http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1.dsc
      Size/MD5 checksum: 609 36c17e1638ff520f7abdff90748286b6
    http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1.tar.gz
      Size/MD5 checksum: 50441 cc318d7cf0ced3f497db7b64a80e9544

Architecture independent components:


    http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1_all.deb
      Size/MD5 checksum: 39092 33c67a2990c5e9c8c52bd20b8ce72816

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-690
2005-08-03

Product : Fedora Core 3
Name : ethereal
Version : 0.10.12
Release : 1.FC3.2
Summary : Network traffic analyzer.

Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, and contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package.


Update Information:

To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independant Executables (PIE).


  • Wed Aug 3 2005 Jindrich Novy <jnovy@redhat.com> 0.10.12-1.FC3.2
    • compile ethereal and ethereal-gnome as PIE (#160780)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

a2abfa19fc3feb3113175f4c3fc0b171 SRPMS/ethereal-0.10.12-1.FC3.2.src.rpm
3f055849172d4ee7f54d67bd515b10c7 x86_64/ethereal-0.10.12-1.FC3.2.x86_64.rpm
be5db1603070e139072964f083f9ada8 x86_64/ethereal-gnome-0.10.12-1.FC3.2.x86_64.rpm
1908be5c867732b1aab5f132457404c7 x86_64/debug/ethereal-debuginfo-0.10.12-1.FC3.2.x86_64.rpm
6f65a2d30e5076996c2d667410fed69d i386/ethereal-0.10.12-1.FC3.2.i386.rpm
c85de2079b2f1e2dd44d2ff5c35156d9 i386/ethereal-gnome-0.10.12-1.FC3.2.i386.rpm
1170e7b8b0de84065ff820178674350b i386/debug/ethereal-debuginfo-0.10.12-1.FC3.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-689
2005-08-03

Product : Fedora Core 4
Name : ethereal
Version : 0.10.12
Release : 1.FC4.2
Summary : Network traffic analyzer.

Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, and contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package.


Update Information:

To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independant Executables (PIE).


  • Wed Aug 3 2005 Jindrich Novy <jnovy@redhat.com> 0.10.12-1.FC4.2
    • compile ethereal and ethereal-gnome with PIE (#160780)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

dbb553186b67819514632b038fc2464e SRPMS/ethereal-0.10.12-1.FC4.2.src.rpm
15ecd5d31b8696f8d787a18e79e0697b ppc/ethereal-0.10.12-1.FC4.2.ppc.rpm
4235d19e90e1c6b89a7ca42e86a58475 ppc/ethereal-gnome-0.10.12-1.FC4.2.ppc.rpm
64651c343718b7432bf599b3145459a2 ppc/debug/ethereal-debuginfo-0.10.12-1.FC4.2.ppc.rpm
da30e3608ae2bb73bc7ceca4249b8915 x86_64/ethereal-0.10.12-1.FC4.2.x86_64.rpm
5b47f6eeb404fc6de60167b8a7cc716d x86_64/ethereal-gnome-0.10.12-1.FC4.2.x86_64.rpm
222a894054358079915cc265e8c149fc x86_64/debug/ethereal-debuginfo-0.10.12-1.FC4.2.x86_64.rpm
2256fc1545171867af9779663fc0962a i386/ethereal-0.10.12-1.FC4.2.i386.rpm
0f30303c5753cf5773de2597851d83bc i386/ethereal-gnome-0.10.12-1.FC4.2.i386.rpm
448038261bed0e474372113a747d49cf i386/debug/ethereal-debuginfo-0.10.12-1.FC4.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: mozilla
Advisory ID: MDKSA-2005:128
Date: August 2nd, 2005
Affected versions: 10.1, Corporate 3.0


Problem Description:

A number of vulnerabilities were reported and fixed in Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update:

In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events genenerated by web content. The problems ranged from minor annoyances like switching tabs or entering full-screen mode, to a variant on MFSA 2005-34 Synthetic events are now prevented from reaching the browser UI entirely rather than depend on each potentially spoofed function to protect itself from untrusted events (MFSA 2005-45).

Scripts in XBL controls from web content continued to be run even when Javascript was disabled. By itself this causes no harm, but it could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling javascript would protect them. In the Thunderbird and Mozilla Suite mail clients Javascript is disabled by default for protection against denial-of-service attacks and worms; this vulnerability could be used to bypass that protection (MFSA 2005-46).

The InstallTrigger.install() method for launching an install accepts a callback function that will be called with the final success or error status. By forcing a page navigation immediately after calling the install method this callback function can end up running in the context of the new page selected by the attacker. This is true even if the user cancels the unwanted install dialog: cancel is an error status. This callback script can steal data from the new page such as cookies or passwords, or perform actions on the user's behalf such as make a purchase if the user is already logged into the target site. In Firefox the default settings allow only http://addons.mozilla.org to bring up this install dialog. This could only be exploited if users have added questionable sites to the install whitelist, and if a malicious site can convince you to install from their site that's a much more powerful attack vector. In the Mozilla Suite the whitelist feature is turned off by default, any site can prompt the user to install software and exploit this vulnerability. The browser has been fixed to clear any pending callback function when switching to a new site (MFSA 2005-48).

When InstallVersion.compareTo() is passed an object rather than a string it assumed the object was another InstallVersion without verifying it. When passed a different kind of object the browser would generally crash with an access violation. shutdown has demonstrated that different javascript objects can be passed on some OS versions to get control over the instruction pointer. We assume this could be developed further to run arbitrary machine code if the attacker can get exploit code loaded at a predictable address (MFSA 2005-50).

The original frame-injection spoofing bug was fixed in the Mozilla Suite 1.7 and Firefox 0.9 releases. This protection was accidentally bypassed by one of the fixes in the Firefox 1.0.3 and Mozilla Suite 1.7.7 releases (MFSA 2005-51).

A child frame can call top.focus() even if the framing page comes from a different origin and has overridden the focus() routine. The call is made in the context of the child frame. The attacker would look for a target site with a framed page that makes this call but doesn't verify that its parent comes from the same site. The attacker could steal cookies and passwords from the framed page, or take actions on behalf of a signed-in user. This attack would work only against sites that use frames in this manner (MFSA 2005-52).

Alerts and prompts created by scripts in web pages are presented with the generic title [JavaScript Application] which sometimes makes it difficult to know which site created them. A malicious page could attempt to cause a prompt to appear in front of a trusted site in an attempt to extract information such as passwords from the user. In the fixed version these prompts will contain the hostname from the page which created it (MFSA 2005-54).

Parts of the browser UI relied too much on DOM node names without taking different namespaces into account and verifying that nodes really were of the expected type. An XHTML document could be used to create fake <IMG> elements, for example, with content-defined properties that the browser would access as if they were the trusted built-in properties of the expected HTML elements. The severity of the vulnerability would depend on what the attacker could convince the victim to do, but could result in executing user-supplied script with elevated "chrome" privileges. This could be used to install malicious software on the victim's machine (MFSA 2005-55).

Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges (MFSA 2005-56).

The updated packages have been patched to address these issue. This update also brings the mozilla shipped in Mandriva Linux 10.1 to version 1.7.8 to ease maintenance. As a result, new galeon and epiphany packages are also available for 10.1, and community contribs packages that are built against mozilla have been rebuilt and are also available via contribs.


References:

http://www.mozilla.org/security/announce/mfsa2005-45.html
http://www.mozilla.org/security/announce/mfsa2005-46.html
http://www.mozilla.org/security/announce/mfsa2005-48.html
http://www.mozilla.org/security/announce/mfsa2005-50.html
http://www.mozilla.org/security/announce/mfsa2005-51.html
http://www.mozilla.org/security/announce/mfsa2005-52.html
http://www.mozilla.org/security/announce/mfsa2005-54.html
http://www.mozilla.org/security/announce/mfsa2005-55.html
http://www.mozilla.org/security/announce/mfsa2005-56.html
http://secunia.com/advisories/15489/
http://secunia.com/advisories/15549/
http://secunia.com/advisories/15601/


Updated Packages:

Mandrakelinux 10.1:
b1ed603e1d571bf55b35dcf3934715f0 10.1/RPMS/epiphany-1.2.8-4.3.101mdk.i586.rpm
1b7a293fd2ad206ccbc8774c439c0a4f 10.1/RPMS/epiphany-devel-1.2.8-4.3.101mdk.i586.rpm
b749ecba69520e77411144fb1019acd3 10.1/RPMS/galeon-1.3.17-3.3.101mdk.i586.rpm
0f50b3f9e0c34be38517114f488da47e 10.1/RPMS/libnspr4-1.7.8-0.2.101mdk.i586.rpm
c7e2ffd0049ee31f24462406990521be 10.1/RPMS/libnspr4-devel-1.7.8-0.2.101mdk.i586.rpm
5afe6299791f9b02ebe9ca50ad5af4f2 10.1/RPMS/libnss3-1.7.8-0.2.101mdk.i586.rpm
08dacfc4d6041f0ad91effb7620bfbb4 10.1/RPMS/libnss3-devel-1.7.8-0.2.101mdk.i586.rpm
b13923d572288eaf34db5ce21f84ca8a 10.1/RPMS/mozilla-1.7.8-0.2.101mdk.i586.rpm
f9434ca544adf8c81b5269206323e49d 10.1/RPMS/mozilla-devel-1.7.8-0.2.101mdk.i586.rpm
bb6fa6a7a6320a494f7406c97d56e18b 10.1/RPMS/mozilla-dom-inspector-1.7.8-0.2.101mdk.i586.rpm
a3f4980a03dba6247483413402605e1f 10.1/RPMS/mozilla-enigmail-1.7.8-0.2.101mdk.i586.rpm
94d9b3e19fe4386918dba744691d5e23 10.1/RPMS/mozilla-enigmime-1.7.8-0.2.101mdk.i586.rpm
904c348ecbee1bf452de597df8f59062 10.1/RPMS/mozilla-irc-1.7.8-0.2.101mdk.i586.rpm
ff0ca565c69e6773fd83d8b7cc625245 10.1/RPMS/mozilla-js-debugger-1.7.8-0.2.101mdk.i586.rpm
2a6f2bb208251f8d47697eb25e856d02 10.1/RPMS/mozilla-mail-1.7.8-0.2.101mdk.i586.rpm
cdd099b62c2b2144ac9c9f129f1256f1 10.1/RPMS/mozilla-spellchecker-1.7.8-0.2.101mdk.i586.rpm
b7f5fe1866b17d72281aacefce238eab 10.1/SRPMS/epiphany-1.2.8-4.3.101mdk.src.rpm
8464ea621f75482c3a08fedb00729767 10.1/SRPMS/galeon-1.3.17-3.3.101mdk.src.rpm
9c8dea4d7f4b532329afb3cc945c654b 10.1/SRPMS/mozilla-1.7.8-0.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
66b5ba7351c0dde849b78fb41720f7b3 x86_64/10.1/RPMS/epiphany-1.2.8-4.3.101mdk.x86_64.rpm
8d6f0504e88642e71104aa38dfdb801d x86_64/10.1/RPMS/epiphany-devel-1.2.8-4.3.101mdk.x86_64.rpm
9ed6595f414b7595c3e8c6b5c70fc8cd x86_64/10.1/RPMS/galeon-1.3.17-3.3.101mdk.x86_64.rpm
e781ff913b57bb5f1becce7934d03691 x86_64/10.1/RPMS/lib64nspr4-1.7.8-0.2.101mdk.x86_64.rpm
26c709082cb2a8dfc62603a5ee4226bc x86_64/10.1/RPMS/lib64nspr4-devel-1.7.8-0.2.101mdk.x86_64.rpm
0f50b3f9e0c34be38517114f488da47e x86_64/10.1/RPMS/libnspr4-1.7.8-0.2.101mdk.i586.rpm
2d53455b98bd04cc956bf76e7ca03fdf x86_64/10.1/RPMS/lib64nss3-1.7.8-0.2.101mdk.x86_64.rpm
fe938a6a0af7244498b117705185351c x86_64/10.1/RPMS/lib64nss3-devel-1.7.8-0.2.101mdk.x86_64.rpm
5afe6299791f9b02ebe9ca50ad5af4f2 x86_64/10.1/RPMS/libnss3-1.7.8-0.2.101mdk.i586.rpm
6c4326edda0d2a238b10cceccafa315a x86_64/10.1/RPMS/mozilla-1.7.8-0.2.101mdk.x86_64.rpm
2e04f350de4c50d8ce0c08a8802358d3 x86_64/10.1/RPMS/mozilla-devel-1.7.8-0.2.101mdk.x86_64.rpm
625797aba9d415f5a1e82f976491faf4 x86_64/10.1/RPMS/mozilla-dom-inspector-1.7.8-0.2.101mdk.x86_64.rpm
a6b9add7c5e4a9047f53cae48d7cc8ad x86_64/10.1/RPMS/mozilla-enigmail-1.7.8-0.2.101mdk.x86_64.rpm
d8ec50e909d4870d8123ce945c4cf70e x86_64/10.1/RPMS/mozilla-enigmime-1.7.8-0.2.101mdk.x86_64.rpm
ea35499ad0e70efa833a3acf1ea4a2c1 x86_64/10.1/RPMS/mozilla-irc-1.7.8-0.2.101mdk.x86_64.rpm
493381959561ef841fc6335cb8bdace8 x86_64/10.1/RPMS/mozilla-js-debugger-1.7.8-0.2.101mdk.x86_64.rpm
d39ad6dbe8fb3684ae2fbc511dd227b4 x86_64/10.1/RPMS/mozilla-mail-1.7.8-0.2.101mdk.x86_64.rpm
89ed0af6fbd5f8353bf0c359499280a3 x86_64/10.1/RPMS/mozilla-spellchecker-1.7.8-0.2.101mdk.x86_64.rpm
b7f5fe1866b17d72281aacefce238eab x86_64/10.1/SRPMS/epiphany-1.2.8-4.3.101mdk.src.rpm
8464ea621f75482c3a08fedb00729767 x86_64/10.1/SRPMS/galeon-1.3.17-3.3.101mdk.src.rpm
9c8dea4d7f4b532329afb3cc945c654b x86_64/10.1/SRPMS/mozilla-1.7.8-0.2.101mdk.src.rpm

Corporate 3.0:
8481048cca68509bad7bec7298dbb984 corporate/3.0/RPMS/libnspr4-1.7.8-0.2.C30mdk.i586.rpm
7bf9e70298786c06a13dd8cd07a85421 corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.2.C30mdk.i586.rpm
1c07227eafcb128b05f885120aacaa94 corporate/3.0/RPMS/libnss3-1.7.8-0.2.C30mdk.i586.rpm
c691c7d158de44ebc0123cbf30bb3ba1 corporate/3.0/RPMS/libnss3-devel-1.7.8-0.2.C30mdk.i586.rpm
44df63b1c3460ad588e8b3f8834880b5 corporate/3.0/RPMS/mozilla-1.7.8-0.2.C30mdk.i586.rpm
f1f9d9153ecbb4085680920b09cc7148 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.2.C30mdk.i586.rpm
710865bf9ed1fe59fe3f8bda48bc9330 corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.2.C30mdk.i586.rpm
8b1830ef05ef943a6472aaf643feef5e corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.2.C30mdk.i586.rpm
b48ed83052a17e52b6fceaf326be1c78 corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.2.C30mdk.i586.rpm
d87d974c52fb46bacc24920d8ca4f621 corporate/3.0/RPMS/mozilla-irc-1.7.8-0.2.C30mdk.i586.rpm
115ce3ac351361140a8169b0b34db304 corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.2.C30mdk.i586.rpm
43f2921fafc8c9d822d381380ea1b919 corporate/3.0/RPMS/mozilla-mail-1.7.8-0.2.C30mdk.i586.rpm
9fa6f4ee933d024cf38caa5e0575d263 corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.2.C30mdk.i586.rpm
2a768ee57f740885cf246a9e466c1b71 corporate/3.0/SRPMS/mozilla-1.7.8-0.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
9e3cdf2eeafbe11ff0c8509916661276 x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.2.C30mdk.x86_64.rpm
6330410729f516564d598494f81a4a44 x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.2.C30mdk.x86_64.rpm
d35b405b54428febe6d9545ef5104fce x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.2.C30mdk.x86_64.rpm
2b3e8b026301699e213492f34fe79428 x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.2.C30mdk.x86_64.rpm
f28fc77e7d2af12c6579b0511fcad969 x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.2.C30mdk.x86_64.rpm
218b54e477e066bcdc4500e8bdf90c13 x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.2.C30mdk.x86_64.rpm
00c9c9d1bfca743e6be4edd1fab0fb5d x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.2.C30mdk.x86_64.rpm
23ccbc4b1d1572a0bda25c8497a83a5d x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.2.C30mdk.x86_64.rpm
3ae747ee09d81dcceb435032db500c41 x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.2.C30mdk.x86_64.rpm
178e7551a893522351cdb633b3a251ff x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.2.C30mdk.x86_64.rpm
1431f59d6dfaabfcf9c74f0e52f30527 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.2.C30mdk.x86_64.rpm
996537a7b1b60bbe53557a1da658470a x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.2.C30mdk.x86_64.rpm
d95814a734933529dd23656837e080f9 x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.2.C30mdk.x86_64.rpm
2a768ee57f740885cf246a9e466c1b71 x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.2.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: apache2
Advisory ID: MDKSA-2005:129
Date: August 3rd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CAN-2005-1268).

Watchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CAN-2005-2088).

The updated packages have been patched to prevent these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088


Updated Packages:

Mandrakelinux 10.0:
db011ebbe2f6af2c15d5cc00a7ec57db 10.0/RPMS/apache2-2.0.48-6.9.100mdk.i586.rpm
56be5a7ebf1a857fc850f12b8a966804 10.0/RPMS/apache2-common-2.0.48-6.9.100mdk.i586.rpm
2a2a7659e74ca24b671e253e0b0a6739 10.0/RPMS/apache2-devel-2.0.48-6.9.100mdk.i586.rpm
c275c2858a0cd53d869bbebefcf9aadc 10.0/RPMS/apache2-manual-2.0.48-6.9.100mdk.i586.rpm
f1556470e4d676ae449890f748bb14d1 10.0/RPMS/apache2-mod_cache-2.0.48-6.9.100mdk.i586.rpm
bd167f7e3d977275342cef51e91c2120 10.0/RPMS/apache2-mod_dav-2.0.48-6.9.100mdk.i586.rpm
ce097a184f899faca51cccbc92c7a5cd 10.0/RPMS/apache2-mod_deflate-2.0.48-6.9.100mdk.i586.rpm
2e5f211efdfa2e5d2d284742f936e074 10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.100mdk.i586.rpm
31303fa7f3cc1fd1c62263180c78a2e2 10.0/RPMS/apache2-mod_file_cache-2.0.48-6.9.100mdk.i586.rpm
b3038c4dee15fca38447895df92d21ec 10.0/RPMS/apache2-mod_ldap-2.0.48-6.9.100mdk.i586.rpm
d2660486ae85e3d4b6891c1f90684191 10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.9.100mdk.i586.rpm
5922750acc8dae9b452ed022eeb4506d 10.0/RPMS/apache2-mod_proxy-2.0.48-6.9.100mdk.i586.rpm
1d8df60bf49e3347f0f902b17e8b4537 10.0/RPMS/apache2-mod_ssl-2.0.48-6.9.100mdk.i586.rpm
1641514604f52069ccc72210e160202f 10.0/RPMS/apache2-modules-2.0.48-6.9.100mdk.i586.rpm
6fa60c33625eb3b6ab78e3aef64b3402 10.0/RPMS/apache2-source-2.0.48-6.9.100mdk.i586.rpm
e876c2150532f8516941fedad3d5f880 10.0/RPMS/libapr0-2.0.48-6.9.100mdk.i586.rpm
fde6b2d1a9fea0cb99d965b1cc431de6 10.0/SRPMS/apache2-2.0.48-6.9.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
bc016b31f98ec4e7bbf34f4d987bf294 amd64/10.0/RPMS/apache2-2.0.48-6.9.100mdk.amd64.rpm
793330fe7dde37952ec192cec49839a5 amd64/10.0/RPMS/apache2-common-2.0.48-6.9.100mdk.amd64.rpm
85cb508e4d82f86ce27f227e84348266 amd64/10.0/RPMS/apache2-devel-2.0.48-6.9.100mdk.amd64.rpm
a182c95d9e95707da1de2556107f3669 amd64/10.0/RPMS/apache2-manual-2.0.48-6.9.100mdk.amd64.rpm
1e6bdb5e7bcbcfa148146e7318600519 amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.9.100mdk.amd64.rpm
bfe3085c937a747721b53c19502bafa2 amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.9.100mdk.amd64.rpm
68e8b111eefe41bbeec6d34ffe00c826 amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.9.100mdk.amd64.rpm
2e1115aec2cea497b5871f0c632b7486 amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.100mdk.amd64.rpm
4734d75962c456ceceaecc591aaa2ba7 amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.9.100mdk.amd64.rpm
4d71b5036171d773f71618290496de05 amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.9.100mdk.amd64.rpm
5e8263605352c365a5b533cea2af6482 amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.9.100mdk.amd64.rpm
a1d4b30b9007d8ce6d3f14827f71105c amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.9.100mdk.amd64.rpm
c2a0cbf927cad0737273fc5c7376ae1f amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.9.100mdk.amd64.rpm
b25727c42f74d12f51016f2dbbc2877a amd64/10.0/RPMS/apache2-modules-2.0.48-6.9.100mdk.amd64.rpm
8488740c4bbf88228c94c85c69a179ff amd64/10.0/RPMS/apache2-source-2.0.48-6.9.100mdk.amd64.rpm
b6c8158c5f99c5700b351579749f5ed1 amd64/10.0/RPMS/lib64apr0-2.0.48-6.9.100mdk.amd64.rpm
fde6b2d1a9fea0cb99d965b1cc431de6 amd64/10.0/SRPMS/apache2-2.0.48-6.9.100mdk.src.rpm

Mandrakelinux 10.1:
dfc22a83dc0fa3954130396056b3fcb4 10.1/RPMS/apache2-2.0.50-7.3.101mdk.i586.rpm
5a957baf5d3b3a4e23c9f753209a7cb8 10.1/RPMS/apache2-common-2.0.50-7.3.101mdk.i586.rpm
bbb22f539624def5a6834b3a2f41f151 10.1/RPMS/apache2-devel-2.0.50-7.3.101mdk.i586.rpm
1f8f5bd9629ef5b1007239d264e0163b 10.1/RPMS/apache2-manual-2.0.50-7.3.101mdk.i586.rpm
3e3d9a633fc64249a6c2ffc4a34312bd 10.1/RPMS/apache2-mod_cache-2.0.50-7.3.101mdk.i586.rpm
7b4c85871bd02ca5a16285adb4b6b0e1 10.1/RPMS/apache2-mod_dav-2.0.50-7.3.101mdk.i586.rpm
e9099625fdd18a375a2a5dfb50466a34 10.1/RPMS/apache2-mod_deflate-2.0.50-7.3.101mdk.i586.rpm
a01faaa30912a50b8b05578bd09906db 10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.3.101mdk.i586.rpm
e0afe6bcc497bc7675ca19e302edee54 10.1/RPMS/apache2-mod_file_cache-2.0.50-7.3.101mdk.i586.rpm
d7625aae3dd70d31a4e018c47d8c752a 10.1/RPMS/apache2-mod_ldap-2.0.50-7.3.101mdk.i586.rpm
2875579dbbb6fb2275888eb82edd2405 10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.3.101mdk.i586.rpm
1038eaae39e9bf271c5e291cf2f1e9c2 10.1/RPMS/apache2-mod_proxy-2.0.50-7.3.101mdk.i586.rpm
1180740c23a017aa18657b84ecbf3185 10.1/RPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.i586.rpm
af7be1db9940b8a9cf6227365bfe4953 10.1/RPMS/apache2-modules-2.0.50-7.3.101mdk.i586.rpm
de97b3d4332e1971d0a53f4556a56106 10.1/RPMS/apache2-source-2.0.50-7.3.101mdk.i586.rpm
7478ba1527f37f5d0d45b09c6c956892 10.1/RPMS/apache2-worker-2.0.50-7.3.101mdk.i586.rpm
7dfb5acdff36dbba754f553d52ad7fd0 10.1/SRPMS/apache2-2.0.50-7.3.101mdk.src.rpm
59099063cd9ce08dd4919047a3fabbea 10.1/SRPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
9b123ac403579bddd160c2e004e4474a x86_64/10.1/RPMS/apache2-2.0.50-7.3.101mdk.x86_64.rpm
d177b0a39048150fdcbe1c76ca06b76c x86_64/10.1/RPMS/apache2-common-2.0.50-7.3.101mdk.x86_64.rpm
f0543159b56b949cefda9d371953710b x86_64/10.1/RPMS/apache2-devel-2.0.50-7.3.101mdk.x86_64.rpm
e5cd3e4d5783c9d9c8bc6e3507cbcf55 x86_64/10.1/RPMS/apache2-manual-2.0.50-7.3.101mdk.x86_64.rpm
28cb57e08c8507632f33fb4f93bff147 x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.3.101mdk.x86_64.rpm
10a1467eb3467f24d47c418fa474e354 x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.3.101mdk.x86_64.rpm
2231db9e54fd0751c9535f65d92b8204 x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.3.101mdk.x86_64.rpm
dd8055fed5ab3a973b7564bbda69b85b x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.3.101mdk.x86_64.rpm
99420a62c756726d1f2943dc114e2252 x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.3.101mdk.x86_64.rpm
7f6b63a9aae218b5facac164cfc373df x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.3.101mdk.x86_64.rpm
f2c31e3c06f1a724452a312638e289e9 x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.3.101mdk.x86_64.rpm
65ca005aa9da5ca0217bab1ab160e3f0 x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.3.101mdk.x86_64.rpm
5e628b11db17519443b99ffbf9ee15d1 x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.x86_64.rpm
87e0dcda381114284edcde89abad618b x86_64/10.1/RPMS/apache2-modules-2.0.50-7.3.101mdk.x86_64.rpm
c9129e8f3250b988a54f12422ae8b19e x86_64/10.1/RPMS/apache2-source-2.0.50-7.3.101mdk.x86_64.rpm
767b15ae30336bfd2234c1321f6f66d2 x86_64/10.1/RPMS/apache2-worker-2.0.50-7.3.101mdk.x86_64.rpm
7dfb5acdff36dbba754f553d52ad7fd0 x86_64/10.1/SRPMS/apache2-2.0.50-7.3.101mdk.src.rpm
59099063cd9ce08dd4919047a3fabbea x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.src.rpm

Mandrakelinux 10.2:
1ca2ae50d22638a31c8af6c734a10708 10.2/RPMS/apache2-2.0.53-9.1.102mdk.i586.rpm
cb37acc10b2cb54fd1c130eb9bc1c91b 10.2/RPMS/apache2-common-2.0.53-9.1.102mdk.i586.rpm
81f76caa697c70bd1664f6b8d2240b48 10.2/RPMS/apache2-devel-2.0.53-9.1.102mdk.i586.rpm
187ef5bee839462b228c27b0e3030bc1 10.2/RPMS/apache2-manual-2.0.53-9.1.102mdk.i586.rpm
341212271ce65e34e45c6387cc8db140 10.2/RPMS/apache2-mod_cache-2.0.53-9.1.102mdk.i586.rpm
80481386b09d14db6bc003fe63478d7b 10.2/RPMS/apache2-mod_dav-2.0.53-9.1.102mdk.i586.rpm
35f7d8092a015ede56dc839e959b1b48 10.2/RPMS/apache2-mod_deflate-2.0.53-9.1.102mdk.i586.rpm
5def4e1615db9c737bf2e0ddb3006e86 10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.1.102mdk.i586.rpm
f583040aef7deaa580ab9ba62073d2bf 10.2/RPMS/apache2-mod_file_cache-2.0.53-9.1.102mdk.i586.rpm
6f1e9594d1505ab09306a4c62f954465 10.2/RPMS/apache2-mod_ldap-2.0.53-9.1.102mdk.i586.rpm
05b9a88df5ea49d99d39afca7406424f 10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.1.102mdk.i586.rpm
93aefd71936b00b41b12ef94b2ce2846 10.2/RPMS/apache2-mod_proxy-2.0.53-9.1.102mdk.i586.rpm
ed2df774035eb0dbe59068072aeeec79 10.2/RPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.i586.rpm
7ee623fb31b7f376b39975dfee0f31c0 10.2/RPMS/apache2-modules-2.0.53-9.1.102mdk.i586.rpm
59051fb0fe21645879fe0281e91db3e8 10.2/RPMS/apache2-peruser-2.0.53-9.1.102mdk.i586.rpm
ad69e3d21133523c91636385000d3bda 10.2/RPMS/apache2-source-2.0.53-9.1.102mdk.i586.rpm
a54b95b2c62f2fd8027576b26cf37c18 10.2/RPMS/apache2-worker-2.0.53-9.1.102mdk.i586.rpm
2b0c98cc0b33008809b0598548449765 10.2/SRPMS/apache2-2.0.53-9.1.102mdk.src.rpm
d661143590371366ed74be65d5e425ad 10.2/SRPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
e9af8fb208bd208b7ffa481643b8469b x86_64/10.2/RPMS/apache2-2.0.53-9.1.102mdk.x86_64.rpm
2cd3a72352db34a00186618d3f81b426 x86_64/10.2/RPMS/apache2-common-2.0.53-9.1.102mdk.x86_64.rpm
44bfc9125cf981b85c58b4d7550444a7 x86_64/10.2/RPMS/apache2-devel-2.0.53-9.1.102mdk.x86_64.rpm
3a5dcbd5883c8fd8b82fc29511ab49a4 x86_64/10.2/RPMS/apache2-manual-2.0.53-9.1.102mdk.x86_64.rpm
966050237bfa99fb5b12c219c2c92828 x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.1.102mdk.x86_64.rpm
c5b4cd5f4b13fa715f864b16fe93aa57 x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.1.102mdk.x86_64.rpm
951c80d965d5d726c24c25dc1a8a16df x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.1.102mdk.x86_64.rpm
70e59f70873401e6f6860037b7e4aed3 x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.1.102mdk.x86_64.rpm
2c908e5104d4b82e0f022f4ac626b4f2 x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.1.102mdk.x86_64.rpm
21433e67d76597d40f861ccb4cbfe87a x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.1.102mdk.x86_64.rpm
0d0eb089f16df8bdae792a07afe14bcf x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.1.102mdk.x86_64.rpm
cdf79606f5a389626a617bb3c686da33 x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.1.102mdk.x86_64.rpm
b4773216a19e79e54784f9e9ff096ddf x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.x86_64.rpm
7182963429a49b17c5bea219b04a2206 x86_64/10.2/RPMS/apache2-modules-2.0.53-9.1.102mdk.x86_64.rpm
26c382f742185b98696043ef49477527 x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.1.102mdk.x86_64.rpm
0a075ac9d255c6973696fbd8235b59a8 x86_64/10.2/RPMS/apache2-source-2.0.53-9.1.102mdk.x86_64.rpm
095fef6176f224c42145827b344946f2 x86_64/10.2/RPMS/apache2-worker-2.0.53-9.1.102mdk.x86_64.rpm
2b0c98cc0b33008809b0598548449765 x86_64/10.2/SRPMS/apache2-2.0.53-9.1.102mdk.src.rpm
d661143590371366ed74be65d5e425ad x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.src.rpm

Multi Network Firewall 2.0:
1a18dfe450b2f222bd303d699f9d6ad2 mnf/2.0/RPMS/apache2-2.0.48-6.9.M20mdk.i586.rpm
501464d0d433addc3bb4f40184c3c087 mnf/2.0/RPMS/apache2-common-2.0.48-6.9.M20mdk.i586.rpm
88d2c5d67cc53bce6681e6c155c97a04 mnf/2.0/RPMS/apache2-mod_cache-2.0.48-6.9.M20mdk.i586.rpm
59c231b8ca8fa4ac0e231e1cb0ab581d mnf/2.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.M20mdk.i586.rpm
30df96dcea309c22fa35501455692dc5 mnf/2.0/RPMS/apache2-mod_proxy-2.0.48-6.9.M20mdk.i586.rpm
82ca0e9319ef4ce1c0e4035affbc3f77 mnf/2.0/RPMS/apache2-mod_ssl-2.0.48-6.9.M20mdk.i586.rpm
69a57868e0bb930aa1f80a2a52ce66ed mnf/2.0/RPMS/apache2-modules-2.0.48-6.9.M20mdk.i586.rpm
d68d321fa52e1fda5740130d1bc73821 mnf/2.0/RPMS/libapr0-2.0.48-6.9.M20mdk.i586.rpm
e23874e9cec97aa3f720d00fe9694619 mnf/2.0/SRPMS/apache2-2.0.48-6.9.M20mdk.src.rpm

Corporate 3.0:
1c89b3ad77c737313acb5f1d5f48129b corporate/3.0/RPMS/apache2-2.0.48-6.9.C30mdk.i586.rpm
35e9f3b14c4de61538770009015a9554 corporate/3.0/RPMS/apache2-common-2.0.48-6.9.C30mdk.i586.rpm
55c0c1c976e29e79b44df58de2fea4ab corporate/3.0/RPMS/apache2-manual-2.0.48-6.9.C30mdk.i586.rpm
e65aa8841fc1a7bc3146c7370ca55e5b corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.9.C30mdk.i586.rpm
b6b5d352206a7643688e64d6a72219da corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.9.C30mdk.i586.rpm
2b281f5ab46acca21ead65966e46fbc4 corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.C30mdk.i586.rpm
715c79fd4f46883621a099c4124a8f68 corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.9.C30mdk.i586.rpm
64eca9c3242e64a98bbd7d0f20eb9ce0 corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.9.C30mdk.i586.rpm
589a154565d218cfaecb31992df1516e corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.9.C30mdk.i586.rpm
5ee73292109ad86649cd7345de4a895d corporate/3.0/RPMS/apache2-modules-2.0.48-6.9.C30mdk.i586.rpm
19dca123d4f2680b42972c438d57c6c5 corporate/3.0/RPMS/libapr0-2.0.48-6.9.C30mdk.i586.rpm
49e85703438cbe2e91a6c9cdf114b68c corporate/3.0/SRPMS/apache2-2.0.48-6.9.C30mdk.src.rpm

Corporate 3.0/X86_64:
ecb414e090a0f9fa94286960b5802a18 x86_64/corporate/3.0/RPMS/apache2-2.0.48-6.9.C30mdk.x86_64.rpm
af212e22e9fd393fc20a571ce7b5ef0a x86_64/corporate/3.0/RPMS/apache2-common-2.0.48-6.9.C30mdk.x86_64.rpm
dc68ff259e52b77291649ab877a4e8ca x86_64/corporate/3.0/RPMS/apache2-manual-2.0.48-6.9.C30mdk.x86_64.rpm
adc6238e04c25e2cacd27970c0c2127b x86_64/corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.9.C30mdk.x86_64.rpm
9487b688732a0da0ccef34527dac2b99 x86_64/corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.9.C30mdk.x86_64.rpm
59f097e6e3f07b4ab9d98d8399da2a11 x86_64/corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.C30mdk.x86_64.rpm
e2be8dce1adfb811af8a84595c5ab383 x86_64/corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.9.C30mdk.x86_64.rpm
bfba74b829509c6031e5ba0bae21ebd7 x86_64/corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.9.C30mdk.x86_64.rpm
5bf5d2e8968de23e9d80d187210ee1ba x86_64/corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.9.C30mdk.x86_64.rpm
c33572e8d8a3468531ee59f6e37e0f4f x86_64/corporate/3.0/RPMS/apache2-modules-2.0.48-6.9.C30mdk.x86_64.rpm
c9e65871380ca2fd72be75f532081bad x86_64/corporate/3.0/RPMS/lib64apr0-2.0.48-6.9.C30mdk.x86_64.rpm
49e85703438cbe2e91a6c9cdf114b68c x86_64/corporate/3.0/SRPMS/apache2-2.0.48-6.9.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: apache
Advisory ID: MDKSA-2005:130
Date: August 3rd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1


Problem Description:

Watchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CAN-2005-2088).

The updated packages have been patched to prevent these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088


Updated Packages:

Mandrakelinux 10.0:
7b647c45b60004470689faf9a461be6c 10.0/RPMS/apache-1.3.29-1.4.100mdk.i586.rpm
8b185dee42649dd3a56d5cffdd47f31c 10.0/RPMS/apache-devel-1.3.29-1.4.100mdk.i586.rpm
991592ab1cb3accd8456f748d8dd1d32 10.0/RPMS/apache-modules-1.3.29-1.4.100mdk.i586.rpm
a8bc7aee751c8a84584fbcc45d24e5d1 10.0/RPMS/apache-source-1.3.29-1.4.100mdk.i586.rpm
7dde17d7931fcbb2c24fdae964c7d2e1 10.0/SRPMS/apache-1.3.29-1.4.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
38a8d4da07d15367f3b6a47507edd4ef amd64/10.0/RPMS/apache-1.3.29-1.4.100mdk.amd64.rpm
fdb2f8fe48ac0f99dd7b06a77d6df5eb amd64/10.0/RPMS/apache-devel-1.3.29-1.4.100mdk.amd64.rpm
ac6018c0c08d7c2e77ae7df8744f5cf0 amd64/10.0/RPMS/apache-modules-1.3.29-1.4.100mdk.amd64.rpm
0cc565a8b52aa6aaea33041a1a33b535 amd64/10.0/RPMS/apache-source-1.3.29-1.4.100mdk.amd64.rpm
7dde17d7931fcbb2c24fdae964c7d2e1 amd64/10.0/SRPMS/apache-1.3.29-1.4.100mdk.src.rpm

Mandrakelinux 10.1:
37fd0fb92592efe5a3fe5d5fa89b0c8c 10.1/RPMS/apache-1.3.31-7.2.101mdk.i586.rpm
3fcc7e95d9def7cb64aeb6d702563498 10.1/RPMS/apache-devel-1.3.31-7.2.101mdk.i586.rpm
47a376032b85aeabc5370bebbac51e38 10.1/RPMS/apache-modules-1.3.31-7.2.101mdk.i586.rpm
cd6757a1cc0270243fbc63c10508da0b 10.1/RPMS/apache-source-1.3.31-7.2.101mdk.i586.rpm
99461fdd6a1955961867fa888cc68d8f 10.1/SRPMS/apache-1.3.31-7.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
ac16e81572c092fe5d6448df9442ca8e x86_64/10.1/RPMS/apache-1.3.31-7.2.101mdk.x86_64.rpm
28de6be2c20737d3819a787e310b2707 x86_64/10.1/RPMS/apache-devel-1.3.31-7.2.101mdk.x86_64.rpm
c02b7724a815cfd4cd8e49a1fb016620 x86_64/10.1/RPMS/apache-modules-1.3.31-7.2.101mdk.x86_64.rpm
8dca2b8497dd582eb732a23933e43a0f x86_64/10.1/RPMS/apache-source-1.3.31-7.2.101mdk.x86_64.rpm
99461fdd6a1955961867fa888cc68d8f x86_64/10.1/SRPMS/apache-1.3.31-7.2.101mdk.src.rpm

Mandrakelinux 10.2:
72a644da1a2b6ca9b108f169f0dcb683 10.2/RPMS/apache-1.3.33-6.1.102mdk.i586.rpm
9b715d3b8013f3c475ccd2225a70989a 10.2/RPMS/apache-devel-1.3.33-6.1.102mdk.i586.rpm
9eaa3fa994130d1de447cab50db7d66f 10.2/RPMS/apache-modules-1.3.33-6.1.102mdk.i586.rpm
3a2908d244f78eb80f529f843ce5c1ac 10.2/RPMS/apache-source-1.3.33-6.1.102mdk.i586.rpm
4711227c7c38a014663194c198913907 10.2/SRPMS/apache-1.3.33-6.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
d8d495e7b7fc8aa9c1fb15614ae04e34 x86_64/10.2/RPMS/apache-1.3.33-6.1.102mdk.x86_64.rpm
830b2e4bf1b3f9a390c8e7a7846b1353 x86_64/10.2/RPMS/apache-devel-1.3.33-6.1.102mdk.x86_64.rpm
a8b1adc69eaf5dc2b83bf49e84935a81 x86_64/10.2/RPMS/apache-modules-1.3.33-6.1.102mdk.x86_64.rpm
38bd01fe2513c2c10499689d6fe4f1b1 x86_64/10.2/RPMS/apache-source-1.3.33-6.1.102mdk.x86_64.rpm
4711227c7c38a014663194c198913907 x86_64/10.2/SRPMS/apache-1.3.33-6.1.102mdk.src.rpm

Corporate Server 2.1:
9ce162ffa4d94c527ab84e668ae17a78 corporate/2.1/RPMS/apache-1.3.26-7.4.C21mdk.i586.rpm
4bddd4119a520be80ddd577c0f45acca corporate/2.1/RPMS/apache-common-1.3.26-7.4.C21mdk.i586.rpm
132604f1487d76a5f5d7ace3ee10c040 corporate/2.1/RPMS/apache-devel-1.3.26-7.4.C21mdk.i586.rpm
920f9e8aa639db5e55224db2a75e908d corporate/2.1/RPMS/apache-manual-1.3.26-7.4.C21mdk.i586.rpm
fe919175f6898834f3372f20d76f55df corporate/2.1/RPMS/apache-modules-1.3.26-7.4.C21mdk.i586.rpm
64cf8b3d566d5010da1273f1ceeb9416 corporate/2.1/RPMS/apache-source-1.3.26-7.4.C21mdk.i586.rpm
9a7d8ecb5a9530d17347c5490fe5df87 corporate/2.1/SRPMS/apache-1.3.26-7.4.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
0dffe139277b76e135e535b4bd4fa79a x86_64/corporate/2.1/RPMS/apache-1.3.26-7.4.C21mdk.x86_64.rpm
8226b7fd08c890401944c5aa490600d2 x86_64/corporate/2.1/RPMS/apache-common-1.3.26-7.4.C21mdk.x86_64.rpm
69e8a4f73342352b52bf828b2304af18 x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-7.4.C21mdk.x86_64.rpm
112bde1b90f4741699c5618894c61f99 x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-7.4.C21mdk.x86_64.rpm
d732d8e462489a368d3c1b237b29570a x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-7.4.C21mdk.x86_64.rpm
b40b4e4b81a090015754136d8eeb2e58 x86_64/corporate/2.1/RPMS/apache-source-1.3.26-7.4.C21mdk.x86_64.rpm
9a7d8ecb5a9530d17347c5490fe5df87 x86_64/corporate/2.1/SRPMS/apache-1.3.26-7.4.C21mdk.src.rpm

Corporate 3.0:
9b2d7101aa263e860ea3839260620fe6 corporate/3.0/RPMS/apache-1.3.29-1.4.C30mdk.i586.rpm
be9d739b634cf93d229ad7b65bbf6c28 corporate/3.0/RPMS/apache-modules-1.3.29-1.4.C30mdk.i586.rpm
7c9f246c832fec1cf3487e516ff334f4 corporate/3.0/SRPMS/apache-1.3.29-1.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
58bb5e99baa148f0bedf1d8982b3301f x86_64/corporate/3.0/RPMS/apache-1.3.29-1.4.C30mdk.x86_64.rpm
b7de432d1647f4ffe0661e9a921251dd x86_64/corporate/3.0/RPMS/apache-modules-1.3.29-1.4.C30mdk.x86_64.rpm
7c9f246c832fec1cf3487e516ff334f4 x86_64/corporate/3.0/SRPMS/apache-1.3.29-1.4.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Low: dump security update
Advisory ID: RHSA-2005:583-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-583.html
Issue date: 2005-08-03
Updated on: 2005-08-03
Product: Red Hat Enterprise Linux
CVE Names: CAN-2002-1914


1. Summary:

Updated dump packages that address two security issues are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Dump examines files in a file system, determines which ones need to be backed up, and copies those files to a specified disk, tape, or other storage medium.

A flaw was found with dump file locking. A malicious local user could manipulate the file lock in such a way as to prevent dump from running. The Common Vulnerabilities and Exposures project (cve.mitre.org/) assigned the name CAN-2002-1914 to this issue.

Users of dump should upgrade to these erratum packages, which contain a patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

162903 - CAN-2002-1914 dump denial of service

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/dump-0.4b25-1.72.2.src.rpm a2105338ff2279973bcec74ea8dd96dd dump-0.4b25-1.72.2.src.rpm

i386:
b14ad2aef495fd52b2bfa8501147a86c dump-0.4b25-1.72.2.i386.rpm
1d658c6130d9b317456b56b6e21acd42 rmt-0.4b25-1.72.2.i386.rpm

ia64:
ace0b517d6b4d26fdfc40744368053cd dump-0.4b25-1.72.2.ia64.rpm
f6ed788f99e81abdde859cbb4dabe1fb rmt-0.4b25-1.72.2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/dump-0.4b25-1.72.2.src.rpm a2105338ff2279973bcec74ea8dd96dd dump-0.4b25-1.72.2.src.rpm

ia64:
ace0b517d6b4d26fdfc40744368053cd dump-0.4b25-1.72.2.ia64.rpm
f6ed788f99e81abdde859cbb4dabe1fb rmt-0.4b25-1.72.2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/dump-0.4b25-1.72.2.src.rpm a2105338ff2279973bcec74ea8dd96dd

i386:
b14ad2aef495fd52b2bfa8501147a86c dump-0.4b25-1.72.2.i386.rpm
1d658c6130d9b317456b56b6e21acd42 rmt-0.4b25-1.72.2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/dump-0.4b25-1.72.2.src.rpm a2105338ff2279973bcec74ea8dd96dd dump-0.4b25-1.72.2.src.rpm

i386:
b14ad2aef495fd52b2bfa8501147a86c dump-0.4b25-1.72.2.i386.rpm
1d658c6130d9b317456b56b6e21acd42 rmt-0.4b25-1.72.2.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://marc.theaimsgroup.com/?l=bugtraq&m=102701096228027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1914

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Moderate: SquirrelMail security update
Advisory ID: RHSA-2005:595-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-595.html
Issue date: 2005-08-03
Updated on: 2005-08-03
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2095 CAN-2005-1769


1. Summary:

An updated squirrelmail package that fixes two security issues is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch
Red Hat Enterprise Linux AS version 4 - noarch
Red Hat Enterprise Linux Desktop version 4 - noarch
Red Hat Enterprise Linux ES version 4 - noarch
Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail handled the $_POST variable. A user's SquirrelMail preferences could be read or modified if the user is tricked into visiting a malicious URL. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2095 to this issue.

Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. (CAN-2005-1769)

All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:


    http://www.redhat.com/docs/manuals/enterprise/

Additionally, users will have to bring up the "Network Proxy" dialog and reset their keys for the settings to take place.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

160241 - CAN-2005-1769 Multiple XSS issues in squirrelmail
162275 - CAN-2005-2095 squirrelmail cross site posting issue

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squirrelmail-1.4.3a-10.EL3.src.rpm ba88d8cade37412c5abda4e5c4660b18 squirrelmail-1.4.3a-10.EL3.src.rpm

noarch:
78615d9edfaa42e09f81267778e121ed squirrelmail-1.4.3a-10.EL3.noarch.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squirrelmail-1.4.3a-10.EL3.src.rpm ba88d8cade37412c5abda4e5c4660b18 squirrelmail-1.4.3a-10.EL3.src.rpm

noarch:
78615d9edfaa42e09f81267778e121ed squirrelmail-1.4.3a-10.EL3.noarch.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squirrelmail-1.4.3a-10.EL3.src.rpm ba88d8cade37412c5abda4e5c4660b18 squirrelmail-1.4.3a-10.EL3.src.rpm

noarch:
78615d9edfaa42e09f81267778e121ed squirrelmail-1.4.3a-10.EL3.noarch.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squirrelmail-1.4.3a-10.EL3.src.rpm ba88d8cade37412c5abda4e5c4660b18 squirrelmail-1.4.3a-10.EL3.src.rpm

noarch:
78615d9edfaa42e09f81267778e121ed squirrelmail-1.4.3a-10.EL3.noarch.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squirrelmail-1.4.3a-11.EL4.src.rpm 4abd471bd12dce975d68297c2a82837f squirrelmail-1.4.3a-11.EL4.src.rpm

noarch:
b19badf585b022e32acd1a546b624e1b squirrelmail-1.4.3a-11.EL4.noarch.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squirrelmail-1.4.3a-11.EL4.src.rpm 4abd471bd12dce975d68297c2a82837f squirrelmail-1.4.3a-11.EL4.src.rpm

noarch:
b19badf585b022e32acd1a546b624e1b squirrelmail-1.4.3a-11.EL4.noarch.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squirrelmail-1.4.3a-11.EL4.src.rpm 4abd471bd12dce975d68297c2a82837f squirrelmail-1.4.3a-11.EL4.src.rpm

noarch:
b19badf585b022e32acd1a546b624e1b squirrelmail-1.4.3a-11.EL4.noarch.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squirrelmail-1.4.3a-11.EL4.src.rpm 4abd471bd12dce975d68297c2a82837f squirrelmail-1.4.3a-11.EL4.src.rpm

noarch:
b19badf585b022e32acd1a546b624e1b squirrelmail-1.4.3a-11.EL4.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1769

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.