Debian GNU/Linux
Debian Security Advisory DSA 772-1 [email protected]
http://www.debian.org/security/
Martin Schulze
August 3rd, 2005 http://www.debian.org/security/faq
Package : apt-cacher
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2005-1854
Eduard Bloch discovered a bug in apt-cacher, a caching system
for Debian package and source files, that could allow remote
attackers to execute arbitrary commands on the caching host as user
www-data.
The old stable distribution (woody) does not contain this
package.
For the stable distribution (sarge) this problem has been fixed
in version 0.9.4sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 0.9.10.
We recommend that you upgrade your apt-cacher package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1.dsc
Size/MD5 checksum: 609
36c17e1638ff520f7abdff90748286b6
http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1.tar.gz
Size/MD5 checksum: 50441
cc318d7cf0ced3f497db7b64a80e9544
Architecture independent components:
http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1_all.deb
Size/MD5 checksum: 39092
33c67a2990c5e9c8c52bd20b8ce72816
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Fedora Core
Fedora Update Notification
FEDORA-2005-690
2005-08-03
Product : Fedora Core 3
Name : ethereal
Version : 0.10.12
Release : 1.FC3.2
Summary : Network traffic analyzer.
Description :
Ethereal is a network traffic analyzer for Unix-ish operating
systems.
This package lays base for libpcap, a packet capture and
filtering library, contains command-line utilities, and contains
plugins and documentation for ethereal. A graphical user interface
is packaged separately to GTK+ package.
Update Information:
To reduce the risk of future vulnerabilities in Ethereal, the
ethereal and tethereal programs in this update have been compiled
as Position Independent Executables (PIE).
- Wed Aug 3 2005 Jindrich Novy <[email protected]> 0.10.12-1.FC3.2
- compile ethereal and ethereal-gnome as PIE (#160780)
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
Fedora Update Notification
FEDORA-2005-689
2005-08-03
Product : Fedora Core 4
Name : ethereal
Version : 0.10.12
Release : 1.FC4.2
Summary : Network traffic analyzer.
Description :
Ethereal is a network traffic analyzer for Unix-ish operating
systems.
This package lays base for libpcap, a packet capture and
filtering library, contains command-line utilities, and contains
plugins and documentation for ethereal. A graphical user interface
is packaged separately to GTK+ package.
Update Information:
To reduce the risk of future vulnerabilities in Ethereal, the
ethereal and tethereal programs in this update have been compiled
as Position Independent Executables (PIE).
- Wed Aug 3 2005 Jindrich Novy <[email protected]> 0.10.12-1.FC4.2
- compile ethereal and ethereal-gnome with PIE (#160780)
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
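Whether an installed binary really was built as a PIE, as the two Fedora ethereal updates above describe, can be read from its ELF header. The following is an added example, not part of the Fedora advisories or the ethereal package; it goes beyond the listed i386, x86_64 and ppc builds by handling any 32- or 64-bit, little- or big-endian image. The function names and the sample_elf() test images are constructed for illustration, and treating ET_DYN plus PT_INTERP as "PIE" is a heuristic.

```python
import struct

ET_EXEC, ET_DYN = 2, 3   # e_type values from the ELF specification
PT_INTERP = 3            # program header that names the dynamic loader


def classify_elf(data):
    """Return 'PIE', 'non-PIE', 'shared-object' or 'other' for an ELF image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(data[4])      # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])       # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    if is64 and len(data) < 64:
        raise ValueError("truncated ELF64 header")
    e_type = struct.unpack_from(endian + "H", data, 16)[0]
    if is64:
        e_phoff = struct.unpack_from(endian + "Q", data, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)
    else:
        e_phoff = struct.unpack_from(endian + "I", data, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 42)
    if e_type == ET_EXEC:
        return "non-PIE"          # linked for a fixed load address
    if e_type != ET_DYN:
        return "other"            # relocatable object, core file, ...
    # ET_DYN covers both PIEs and shared libraries. Heuristic: a PIE asks for
    # a dynamic loader (PT_INTERP); an ordinary shared library does not.
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        if struct.unpack_from(endian + "I", data, off)[0] == PT_INTERP:
            return "PIE"
    return "shared-object"


def sample_elf(e_type, p_types, is64=True, endian="<"):
    """Constructed test image: ELF header plus empty program headers only."""
    ident = (b"\x7fELF"
             + bytes([2 if is64 else 1, 1 if endian == "<" else 2, 1])
             + bytes(9))
    ehsize, phentsize = (64, 56) if is64 else (52, 32)
    fmt = endian + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH")
    # Fields: e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    header = struct.pack(fmt, e_type, 0, 1, 0, ehsize, 0, 0,
                         ehsize, phentsize, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack(endian + "I", t) + bytes(phentsize - 4)
                     for t in p_types)
    return ident + header + phdrs


if __name__ == "__main__":
    samples = {
        "64-bit LE, ET_DYN with PT_INTERP": sample_elf(ET_DYN, [6, 3, 1]),
        "64-bit LE, ET_EXEC": sample_elf(ET_EXEC, [6, 3, 1]),
        "64-bit LE, ET_DYN without PT_INTERP": sample_elf(ET_DYN, [1, 2]),
        "32-bit BE, ET_DYN with PT_INTERP": sample_elf(ET_DYN, [3], False, ">"),
    }
    for name, image in samples.items():
        print("%-40s %s" % (name, classify_elf(image)))
```

To check a real installation, pass classify_elf() the bytes of the installed binary read in binary mode.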
Mandriva Linux
Mandriva Linux Security Update Advisory
Package name: mozilla
Advisory ID: MDKSA-2005:128
Date: August 2nd, 2005
Affected versions: 10.1, Corporate 3.0
Problem Description:
A number of vulnerabilities were reported and fixed in Mozilla
1.7.9. The following vulnerabilities have been backported and
patched for this update:
In several places the browser UI did not correctly distinguish
between true user events, such as mouse clicks or keystrokes, and
synthetic events generated by web content. The problems ranged
from minor annoyances like switching tabs or entering full-screen
mode, to a variant on MFSA 2005-34. Synthetic events are now
prevented from reaching the browser UI entirely rather than depend
on each potentially spoofed function to protect itself from
untrusted events (MFSA 2005-45).
Scripts in XBL controls from web content continued to be run
even when Javascript was disabled. By itself this causes no harm,
but it could be combined with most script-based exploits to attack
people running vulnerable versions who thought disabling javascript
would protect them. In the Thunderbird and Mozilla Suite mail
clients Javascript is disabled by default for protection against
denial-of-service attacks and worms; this vulnerability could be
used to bypass that protection (MFSA 2005-46).
The InstallTrigger.install() method for launching an install
accepts a callback function that will be called with the final
success or error status. By forcing a page navigation immediately
after calling the install method this callback function can end up
running in the context of the new page selected by the attacker.
This is true even if the user cancels the unwanted install dialog:
cancel is an error status. This callback script can steal data from
the new page such as cookies or passwords, or perform actions on
the user’s behalf such as make a purchase if the user is already
logged into the target site. In Firefox the default settings allow
only http://addons.mozilla.org to bring
up this install dialog. This could only be exploited if users have
added questionable sites to the install whitelist, and if a
malicious site can convince you to install from their site that’s a
much more powerful attack vector. In the Mozilla Suite the
whitelist feature is turned off by default, so any site can prompt the
user to install software and exploit this vulnerability. The
browser has been fixed to clear any pending callback function when
switching to a new site (MFSA 2005-48).
When InstallVersion.compareTo() is passed an object rather than
a string it assumed the object was another InstallVersion without
verifying it. When passed a different kind of object the browser
would generally crash with an access violation. shutdown has
demonstrated that different javascript objects can be passed on
some OS versions to get control over the instruction pointer. We
assume this could be developed further to run arbitrary machine
code if the attacker can get exploit code loaded at a predictable
address (MFSA 2005-50).
The original frame-injection spoofing bug was fixed in the
Mozilla Suite 1.7 and Firefox 0.9 releases. This protection was
accidentally bypassed by one of the fixes in the Firefox 1.0.3 and
Mozilla Suite 1.7.7 releases (MFSA 2005-51).
A child frame can call top.focus() even if the framing page
comes from a different origin and has overridden the focus()
routine. The call is made in the context of the child frame. The
attacker would look for a target site with a framed page that makes
this call but doesn’t verify that its parent comes from the same
site. The attacker could steal cookies and passwords from the
framed page, or take actions on behalf of a signed-in user. This
attack would work only against sites that use frames in this manner
(MFSA 2005-52).
Alerts and prompts created by scripts in web pages are presented
with the generic title [JavaScript Application] which sometimes
makes it difficult to know which site created them. A malicious
page could attempt to cause a prompt to appear in front of a
trusted site in an attempt to extract information such as passwords
from the user. In the fixed version these prompts will contain the
hostname from the page which created it (MFSA 2005-54).
Parts of the browser UI relied too much on DOM node names
without taking different namespaces into account and verifying that
nodes really were of the expected type. An XHTML document could be
used to create fake <IMG> elements, for example, with
content-defined properties that the browser would access as if they
were the trusted built-in properties of the expected HTML elements.
The severity of the vulnerability would depend on what the attacker
could convince the victim to do, but could result in executing
user-supplied script with elevated “chrome” privileges. This could
be used to install malicious software on the victim’s machine (MFSA
2005-55).
Improper cloning of base objects allowed web content scripts to
walk up the prototype chain to get to a privileged object. This
could be used to execute code with enhanced privileges (MFSA
2005-56).
The updated packages have been patched to address these issues.
This update also brings the mozilla shipped in Mandriva Linux 10.1
to version 1.7.8 to ease maintenance. As a result, new galeon and
epiphany packages are also available for 10.1, and community
contribs packages that are built against mozilla have been rebuilt
and are also available via contribs.
References:
http://www.mozilla.org/security/announce/mfsa2005-45.html
http://www.mozilla.org/security/announce/mfsa2005-46.html
http://www.mozilla.org/security/announce/mfsa2005-48.html
http://www.mozilla.org/security/announce/mfsa2005-50.html
http://www.mozilla.org/security/announce/mfsa2005-51.html
http://www.mozilla.org/security/announce/mfsa2005-52.html
http://www.mozilla.org/security/announce/mfsa2005-54.html
http://www.mozilla.org/security/announce/mfsa2005-55.html
http://www.mozilla.org/security/announce/mfsa2005-56.html
http://secunia.com/advisories/15489/
http://secunia.com/advisories/15549/
http://secunia.com/advisories/15601/
Updated Packages:
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Update Advisory
Package name: apache2
Advisory ID: MDKSA-2005:129
Date: August 3rd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Multi Network
Firewall 2.0
Problem Description:
Marc Stern reported an off-by-one overflow in the mod_ssl CRL
verification callback which can only be exploited if the Apache
server is configured to use a malicious certificate revocation list
(CAN-2005-1268).
Watchfire reported a flaw that occurred when using the Apache
server as an HTTP proxy. A remote attacker could send an HTTP
request with both a “Transfer-Encoding: chunked” header and a
“Content-Length” header which would cause Apache to incorrectly
handle and forward the body of the request in a way that the
receiving server processed it as a separate HTTP request. This
could be used to allow the bypass of web application firewall
protection or lead to cross-site scripting (XSS) attacks
(CAN-2005-2088).
The updated packages have been patched to prevent these
issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088
Updated Packages:
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Update Advisory
Package name: apache
Advisory ID: MDKSA-2005:130
Date: August 3rd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1
Problem Description:
Watchfire reported a flaw that occurred when using the Apache
server as an HTTP proxy. A remote attacker could send an HTTP
request with both a “Transfer-Encoding: chunked” header and a
“Content-Length” header which would cause Apache to incorrectly
handle and forward the body of the request in a way that the
receiving server processed it as a separate HTTP request. This
could be used to allow the bypass of web application firewall
protection or lead to cross-site scripting (XSS) attacks
(CAN-2005-2088).
The updated packages have been patched to prevent these
issues.
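The ambiguity described above (one request carrying both "Transfer-Encoding: chunked" and "Content-Length") can be refused at the front end before anything is forwarded. The Python check below is an added example, not code from Apache or from the Mandriva patch; the name framing_verdict, the sample requests and the host app.example are constructed for illustration, and rejecting outright is the strict handling assumed here.

```python
import re

# Header field names must be plain tokens; anything else is treated as malformed.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def framing_verdict(raw: bytes) -> str:
    """Classify how the body of a raw HTTP/1.1 request is delimited.

    Returns "reject:<reason>", "chunked", "length:<n>" or "no-body".
    """
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return "reject:incomplete header block"
    lengths, codings = [], []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        if line[:1] in (b" ", b"\t"):
            return "reject:obsolete line folding"
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.fullmatch(name):
            # e.g. "Transfer-Encoding : chunked" (space before the colon),
            # which two parsers may read differently
            return "reject:malformed header name"
        name = name.lower()
        items = [v.strip(b" \t") for v in value.split(b",")]
        if name == b"content-length":
            lengths.extend(items)
        elif name == b"transfer-encoding":
            codings.extend(i.lower() for i in items)
    if lengths and codings:
        # The case from the advisory: two body lengths in one request.
        return "reject:both Transfer-Encoding and Content-Length"
    if codings:
        if codings[-1] != b"chunked" or codings.count(b"chunked") != 1:
            return "reject:chunked must be the final coding, used once"
        return "chunked"
    if lengths:
        if len(set(lengths)) != 1 or not re.fullmatch(rb"[0-9]+", lengths[0]):
            return "reject:invalid or conflicting Content-Length"
        return f"length:{int(lengths[0])}"
    return "no-body"

# Constructed sample requests (header blocks only; the body is not needed
# to decide whether the framing is ambiguous).
_H = b"POST /form HTTP/1.1\r\nHost: app.example\r\n"
SAMPLES = {
    "conflict": _H + b"Content-Length: 12\r\nTransfer-Encoding: chunked\r\n\r\n",
    "length":   _H + b"Content-Length: 12\r\n\r\n",
    "chunked":  _H + b"Transfer-Encoding: chunked\r\n\r\n",
    "two_cl":   _H + b"Content-Length: 5\r\nContent-Length: 7\r\n\r\n",
    "spaced":   _H + b"Transfer-Encoding : chunked\r\n\r\n",
    "get":      b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:9s} {framing_verdict(request)}")
```

A front end that forwards only the "chunked", "length:<n>" and "no-body" cases gives the receiving server a single way to read each request body.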
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088
Updated Packages:
Red Hat Linux
Red Hat Security Advisory
Synopsis: Low: dump security update
Advisory ID: RHSA-2005:583-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-583.html
Issue date: 2005-08-03
Updated on: 2005-08-03
Product: Red Hat Enterprise Linux
CVE Names: CAN-2002-1914
1. Summary:
Updated dump packages that address two security issues are now
available for Red Hat Enterprise Linux 2.1.
This update has been rated as having low security impact by the
Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
3. Problem description:
Dump examines files in a file system, determines which ones need
to be backed up, and copies those files to a specified disk, tape,
or other storage medium.
A flaw was found with dump file locking. A malicious local user
could manipulate the file lock in such a way as to prevent dump
from running. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) assigned the
name CAN-2002-1914 to this issue.
Users of dump should upgrade to these erratum packages, which
contain a patch to resolve this issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
162903 – CAN-2002-1914 dump denial of service
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://marc.theaimsgroup.com/?l=bugtraq&m=102701096228027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1914
8. Contact:
The Red Hat security contact is <[email protected]>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Moderate: SquirrelMail security update
Advisory ID: RHSA-2005:595-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-595.html
Issue date: 2005-08-03
Updated on: 2005-08-03
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2095 CAN-2005-1769
1. Summary:
An updated squirrelmail package that fixes two security issues
is now available.
This update has been rated as having moderate security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 – noarch
Red Hat Desktop version 3 – noarch
Red Hat Enterprise Linux ES version 3 – noarch
Red Hat Enterprise Linux WS version 3 – noarch
Red Hat Enterprise Linux AS version 4 – noarch
Red Hat Enterprise Linux Desktop version 4 – noarch
Red Hat Enterprise Linux ES version 4 – noarch
Red Hat Enterprise Linux WS version 4 – noarch
3. Problem description:
SquirrelMail is a standards-based webmail package written in
PHP4.
A bug was found in the way SquirrelMail handled the $_POST
variable. A user’s SquirrelMail preferences could be read or
modified if the user is tricked into visiting a malicious URL. The
Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2095 to this issue.
Several cross-site scripting bugs were discovered in
SquirrelMail. An attacker could inject arbitrary JavaScript or HTML
content into SquirrelMail pages by tricking a user into visiting a
carefully crafted URL, or by sending them a carefully constructed
HTML email message. (CAN-2005-1769)
All users of SquirrelMail should upgrade to this updated
package, which contains backported patches that resolve these
issues.
4. Solution:
Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
Additionally, users will have to bring up the “Network Proxy”
dialog and reset their keys for the settings to take place.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
160241 – CAN-2005-1769 Multiple XSS issues in squirrelmail
162275 – CAN-2005-2095 squirrelmail cross site posting issue
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1769
8. Contact:
The Red Hat security contact is <[email protected]>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.