Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <security <at> mandriva.com>
Subject: [ MDVSA-2011:130-1 ] apache
Newsgroups: gmane.linux.mandrake.security.announce
Date: Saturday 17th September 2011 10:23:00 UTC (over 5 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2011:130-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache
 Date    : September 17, 2011
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in apache:
 
 The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through
 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a
 denial of service (memory and CPU consumption) via a Range header
 that expresses multiple overlapping ranges, as exploited in the
 wild in August 2011, a different vulnerability than CVE-2007-0086
 (CVE-2011-3192).
 
 The updated packages have been patched to correct this issue.

 Update:

 Packages for Mandriva Linux 2011 is now being provided as well. Enjoy!
 
 * apache has been upgraded to the latest version (2.2.21) for 2011
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 5c4825e4c63b4a06c68a5fd81517de71 
2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm
 b5a00191b27804f9735643cdcd704b19 
2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm
 49defd7efbb4a37ec49c01c7ef9c64aa 
2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm
 a023e40689777630df036eae1a84a475 
2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm
 f03744bb74a3e0872cb08465799c3ee1 
2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm
 bb9efa66089deef66f9434b813d41a95 
2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm
 bb334eb7fe43927ba7c6c9196b4e1fd1 
2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 086b5ed82c064b16964fff70bf9c841e 
2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm
 115008b2471e10ea01689dafe5c46bcd 
2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm
 6b686ec6612ff8740d1e482faa06c544 
2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm
 8c8f14074bc0dbbeb2b3890611f95c6b 
2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 b03569edc20c9393e0b5eea09f590368 
2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 343703d3822a6757e000edeebe7e0a06 
2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm
 3457011403525d40e525716c4da8e477 
2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 3d060145b3665ca4c0b309f812af9370 
2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm
 a0e00b0610eb5a8c5c57afabeafc07f8 
2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm
 dd4bb38bbc2997ca398fb37225eca371 
2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm
 2966cdfddf02fa32447711af6a3046dd 
2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm
 48774d9c282dc476f35a0c8b2e821a7f 
2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm
 7b832f85bd258abf0c7abb161f4028b4 
2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm
 1c6b93eaa5b27477989bf82ea9a63685 
2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm
 1e7dc0ee3fafae8a786be0cc164ebe4a 
2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm
 ab2d074f2dfe57a64b022d4e6b8254ab 
2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm
 a22debf09366b64e236965a4091009e9 
2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm
 174aed4327491b83f147f3b4e76bcd1f 
2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm
 e141881c27496e7e74ad7f3f566a1bd2 
2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm
 97893069a3d6eb73e3773bc0ee78c9a4 
2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm
 fe530e2da15b3e0bf14c617824ff82c9 
2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm 
 4376094cd799523a1a7666f4e768707d  2011/SRPMS/apache-2.2.21-0.1.src.rpm
 b37e2a1dafb6883a10cefb4140e9635e 
2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm
 d83c587ad4d56a31362f67334bbf9455  2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm
 0b4a145fd5ff8c11a53956f750cdbd42 
2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 8837c56966896e10d3403956e7cf86ac 
2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm
 aec6da25319585e53623471734f99c57 
2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm
 e8600455214ad4f2303d9f36576e4952 
2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm
 90694f3211fca3d436ec4130b8bb43e2 
2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm
 fd3f6a51c8abf8b1ff8356489ba6d6e1 
2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm
 796c8129bbc160455587bc54c58c2220 
2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm
 61add54b6e0c8306dff065a150b262e2 
2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 cb98169c29008c256662f3a08141bf95 
2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm
 5aa03ee54a7e40d41fd746fd1a223c72 
2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm
 386a956f014fe2d64dfe38fc261abd39 
2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm
 5a473bc45fa59323c4d526dd4f5a30d3 
2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 aaa544f7a4912c161a2c73e222ae87d6 
2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 f04054edc62a24ea9042c5b41074bd1d 
2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm
 1c97f63c1169f483d086a94b97f5c421 
2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 ca912c34fec5cf470947a7f87e9705a4 
2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm
 b5ae70a8ed412e40275b4de7b639caa0 
2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm
 6b11b032c13277712c336405ea23a8b0 
2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm
 874a420342f1ea9278e014b79fe5a337 
2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm
 2757b3d7c8261563e22c41d3f94aaa29 
2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm
 6edbc6963aab9beee507f9a3c8be38a2 
2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm
 fe6143eaa1acc0de751198ea19129279 
2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm
 3e66fa1e1e2cf243c1c6472243cb86fe 
2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm
 7d45bfd7d3aa87d45d2287fdd9507847 
2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm
 bce9e2cdffe45cbc4baf72f0d0c4000e 
2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm
 217bd96dfa802f7d049b6fd12600b154 
2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm
 cc304b9011d16d7f3cf5c8250e4d9f18 
2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm
 a8bb9b62c39f98a6df728d51a4fff39a 
2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm
 7d41c857be2574ac5f3ea7090a1f3c78 
2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm 
 4376094cd799523a1a7666f4e768707d  2011/SRPMS/apache-2.2.21-0.1.src.rpm
 b37e2a1dafb6883a10cefb4140e9635e 
2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm
 d83c587ad4d56a31362f67334bbf9455  2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm
 0b4a145fd5ff8c11a53956f750cdbd42 
2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOdErbmqjQ0CJFipgRArO0AJ9MeU1I/ItvY699awHPqXD7TZZ46gCeP/Lc
OVJD0GobLzQ3q1XZS8WiqdY=
=O8Ag
-----END PGP SIGNATURE-----
 
CD: 3ms