MDKSA-2004:043 - Updated apache2 packages fix a denial of service vulnerability in mod_ssl

From: Mandrake Linux Security Team (security_at_linux-mandrake.com)
Date: 05/11/04

    Date: 11 May 2004 01:55:11 -0000
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                     Mandrakelinux Security Update Advisory
     _______________________________________________________________________

     Package name: apache2
     Advisory ID: MDKSA-2004:043
     Date: May 10th, 2004

     Affected versions: 10.0, 9.1, 9.2
     ______________________________________________________________________

     Problem Description:

     A memory leak in mod_ssl in the Apache HTTP Server prior to version
     2.0.49 allows a remote denial of service attack against an SSL-enabled
     server.
     
     The updated packages provide a patched mod_ssl to correct these
     problems.
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.0:
     532c951a2e856a199362407bbd720bea 10.0/RPMS/apache2-2.0.48-6.1.100mdk.i586.rpm
     aaf7818ed49d7eea93cd8be9bafc9604 10.0/RPMS/apache2-common-2.0.48-6.1.100mdk.i586.rpm
     42e8e3361a2870ae5c764bee2334d3d2 10.0/RPMS/apache2-devel-2.0.48-6.1.100mdk.i586.rpm
     93974a49c89c02483887bdbd80108ab2 10.0/RPMS/apache2-manual-2.0.48-6.1.100mdk.i586.rpm
     ba37cf3b1997eb9449a7b1639c495afe 10.0/RPMS/apache2-mod_cache-2.0.48-6.1.100mdk.i586.rpm
     16a6141a93fb829f491daf60860f5666 10.0/RPMS/apache2-mod_dav-2.0.48-6.1.100mdk.i586.rpm
     6a8d97f4e4ac74aad25483b22fad95fc 10.0/RPMS/apache2-mod_deflate-2.0.48-6.1.100mdk.i586.rpm
     1827a1ecf6250cb6d31c2613ad810463 10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.1.100mdk.i586.rpm
     5ef4c065e071275a9b291e483b3986e5 10.0/RPMS/apache2-mod_file_cache-2.0.48-6.1.100mdk.i586.rpm
     9c863cb5101db085b9955824bd452092 10.0/RPMS/apache2-mod_ldap-2.0.48-6.1.100mdk.i586.rpm
     677d50bcfd6400e2d599a0f6076b68af 10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.1.100mdk.i586.rpm
     b76151c0bedac4f608617ed2af18abf4 10.0/RPMS/apache2-mod_proxy-2.0.48-6.1.100mdk.i586.rpm
     e2adf66af1c6741fb2054197c2dbd6a6 10.0/RPMS/apache2-mod_ssl-2.0.48-6.1.100mdk.i586.rpm
     7a27537ef71bc4d5c54625b060dbedf5 10.0/RPMS/apache2-modules-2.0.48-6.1.100mdk.i586.rpm
     62e878523dc30fa0eb026b89d53c1194 10.0/RPMS/apache2-source-2.0.48-6.1.100mdk.i586.rpm
     2a6c31fcaeb7bd382b2014c0e26e7aa1 10.0/RPMS/libapr0-2.0.48-6.1.100mdk.i586.rpm
     10f0202c416df685f75cdf2e9e17371e 10.0/SRPMS/apache2-2.0.48-6.1.100mdk.src.rpm

     Mandrakelinux 9.1:
     224e5dda94a7a7dab82d79f6c46396a8 9.1/RPMS/apache2-2.0.47-1.7.91mdk.i586.rpm
     22968f6ad5b25bff2642ad28021fc4af 9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.i586.rpm
     f1f68cdc9b7b7d0c54147dc3bf6640fa 9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.i586.rpm
     0be71b125b03073f6488f36169559c47 9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.i586.rpm
     1ce19c65a7934dfb5fa62ed2115351eb 9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.i586.rpm
     7887a7082207cce69fcc2ced053a4044 9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.i586.rpm
     4e719e3ec078fe05b6b58916baf311eb 9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.i586.rpm
     1908bcc959a702a9d7265dc3116a6ead 9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.i586.rpm
     5817db5654c325471219ec4b3c98ccf4 9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.i586.rpm
     fcbc8d2e20e477aa0b63bb6a7e67c55b 9.1/RPMS/libapr0-2.0.47-1.7.91mdk.i586.rpm
     3a63938eae592a0437fb76f64c7efd60 9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm

     Mandrakelinux 9.1/PPC:
     b55c0dfd5a5d90ebc2e536c90d20ccf1 ppc/9.1/RPMS/apache2-2.0.47-1.7.91mdk.ppc.rpm
     49400d29d0f7589bbd26f0ae3c4c689d ppc/9.1/RPMS/apache2-common-2.0.47-1.7.91mdk.ppc.rpm
     b07803b544d4e001976229d21fbc531e ppc/9.1/RPMS/apache2-devel-2.0.47-1.7.91mdk.ppc.rpm
     1fb08c4e5db906dc378b2f1c4899ea33 ppc/9.1/RPMS/apache2-manual-2.0.47-1.7.91mdk.ppc.rpm
     fda663af745d7ad64279e9572dae211e ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.7.91mdk.ppc.rpm
     d4de598464a6428923de3043ffa0c2a6 ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.7.91mdk.ppc.rpm
     2105ce6164a02e459bb3eeeb07f3c8dd ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.7.91mdk.ppc.rpm
     65b7f816e1931d238675d24b8395c610 ppc/9.1/RPMS/apache2-modules-2.0.47-1.7.91mdk.ppc.rpm
     b1857e8f6b90546a8f0e1640e5af378d ppc/9.1/RPMS/apache2-source-2.0.47-1.7.91mdk.ppc.rpm
     68860abfbb9e7ebd1454feebf2b261dd ppc/9.1/RPMS/libapr0-2.0.47-1.7.91mdk.ppc.rpm
     3a63938eae592a0437fb76f64c7efd60 ppc/9.1/SRPMS/apache2-2.0.47-1.7.91mdk.src.rpm

     Mandrakelinux 9.2:
     789a99411d67d1ce4ea4476739fe8f05 9.2/RPMS/apache2-2.0.47-6.4.92mdk.i586.rpm
     4a69dbc249db52654ce08c458bb12590 9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.i586.rpm
     e637e85cf0e7d26a3db224ca275873d4 9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.i586.rpm
     aeba5b682e253a78068a7ee65de2f66c 9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.i586.rpm
     81d435af697858141a8fabc90b33ae26 9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.i586.rpm
     b893135ff384838c0a349ea2eac4d3de 9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.i586.rpm
     9a20ef3b0904bf445b3ece28b7080164 9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.i586.rpm
     ddec306b01653022bc65631bf05e5fde 9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.i586.rpm
     ffd1676b2b7b86846634979f4b168859 9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.i586.rpm
     bac512f8f990400ad0dbef903b38448b 9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.i586.rpm
     7eda96296894a887d4d7618a24dc5aec 9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.i586.rpm
     6a79afc9bd5f1850be2bd82d244d8ccb 9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.i586.rpm
     61972ba631c361f0e3f0863a26001d20 9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.i586.rpm
     d97100f8181716eeb5d2ab4d20bb8bc1 9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.i586.rpm
     08905fea2a078dbb36f953c17f334dce 9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.i586.rpm
     93c6a24dd9f4af88157e193df63a47c6 9.2/RPMS/libapr0-2.0.47-6.4.92mdk.i586.rpm
     7d51dac774f2d887b4856990dc9fd5b1 9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm

     Mandrakelinux 9.2/AMD64:
     7348baec2a9ee27adb7d3f0b9338a88d amd64/9.2/RPMS/apache2-2.0.47-6.4.92mdk.amd64.rpm
     9397b3136c547cd44108572b95a77070 amd64/9.2/RPMS/apache2-common-2.0.47-6.4.92mdk.amd64.rpm
     96fb3738db8400f305ec9dcb7d1ac6fa amd64/9.2/RPMS/apache2-devel-2.0.47-6.4.92mdk.amd64.rpm
     41e476759a14a345664c23ff41352032 amd64/9.2/RPMS/apache2-manual-2.0.47-6.4.92mdk.amd64.rpm
     6e7981bb03b337e006332b3954505353 amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.4.92mdk.amd64.rpm
     9ac5aa7d5d4789c405606ffb94c73c27 amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.4.92mdk.amd64.rpm
     69f831614c30c05396219c1f005e2a8f amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.4.92mdk.amd64.rpm
     732d8e9b68178cff1ff84d461782471c amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.4.92mdk.amd64.rpm
     de7d183e50e3f8d1f21b3096e3b673a6 amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.4.92mdk.amd64.rpm
     a6e91e4734ced8e5374efaa1f2ca3a4c amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.4.92mdk.amd64.rpm
     23efa2aebf4f31a22e039f30f30c13ae amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.4.92mdk.amd64.rpm
     ec40d800c099decec00a5aae69b3b703 amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.4.92mdk.amd64.rpm
     2fbf446a8c3d9bda09598415cb3c641d amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.4.92mdk.amd64.rpm
     c6ab1265bf1ea5c2d34ac42293f5e12c amd64/9.2/RPMS/apache2-modules-2.0.47-6.4.92mdk.amd64.rpm
     b1d8ff422f5fd0dd161208018717f0e0 amd64/9.2/RPMS/apache2-source-2.0.47-6.4.92mdk.amd64.rpm
     9995904303e6275524baf47b16adbe39 amd64/9.2/RPMS/lib64apr0-2.0.47-6.4.92mdk.amd64.rpm
     7d51dac774f2d887b4856990dc9fd5b1 amd64/9.2/SRPMS/apache2-2.0.47-6.4.92mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     A list of FTP mirrors can be obtained from:

      http://www.mandrakesecure.net/en/ftp.php

     All packages are signed by Mandrakesoft for security. You can obtain
     the GPG public key of the Mandrakelinux Security Team by executing:

      gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

     Please be aware that sometimes it takes the mirrors a few hours to
     update.

     You can view other update advisories for Mandrakelinux at:

      http://www.mandrakesecure.net/en/advisories/

     Mandrakesoft has several security-related mailing list services that
     anyone can subscribe to. Information on these lists can be obtained by
     visiting:

      http://www.mandrakesecure.net/en/mlist.php

     If you want to report vulnerabilities, please contact

      security_linux-mandrake.com

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security linux-mandrake.com>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQFAoDJ/mqjQ0CJFipgRAsQVAJsEYlxxTysU87oT7QR/xGZ92VS/4gCeMHqo
    g+D3ZxJoS222nPW/1iqLfkE=
    =/uFP
    -----END PGP SIGNATURE-----
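
The advisory says MandrakeUpdate and urpmi verify md5 checksums automatically; for packages fetched by hand from a mirror, the same check can be made against the "Updated Packages" list. The Python below is an added example, not part of the advisory or of Mandrakesoft's tooling: it parses the "Mandrakelinux <release>:" / "<md5> <path>.rpm" layout used above and classifies the RPMs in a download directory. The file names and contents in demo() are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Section heading, e.g. "Mandrakelinux 9.2/AMD64:"
HEADING = re.compile(r"^\s*Mandrakelinux\s+\S+:\s*$")
# Manifest entry: "<32 hex md5> <release path>/<file>.rpm"
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Map each RPM file name to the set of MD5 digests listed for it."""
    expected, in_section = {}, False
    for line in advisory_text.splitlines():
        if HEADING.match(line):
            in_section = True
        elif (m := ENTRY.match(line)) and in_section:
            expected.setdefault(Path(m.group(2)).name, set()).add(m.group(1))
    return expected

def verify_downloads(download_dir, expected):
    """Classify every *.rpm in download_dir as ok, mismatch or unlisted."""
    results = {}
    for rpm in sorted(Path(download_dir).glob("*.rpm")):
        listed = expected.get(rpm.name)
        actual = hashlib.md5(rpm.read_bytes()).hexdigest()
        if listed is None:
            results[rpm.name] = "unlisted"   # not named in the advisory
        else:
            results[rpm.name] = "ok" if actual in listed else "mismatch"
    return results

def demo():
    """Constructed files and a constructed manifest (not the advisory's values)."""
    good, bad = b"constructed package A", b"constructed package B"
    manifest = (
        "     Mandrakelinux 10.0:\n"
        f"     {hashlib.md5(good).hexdigest()} 10.0/RPMS/pkg-a-1.0-1mdk.i586.rpm\n"
        f"     {hashlib.md5(bad).hexdigest()} 10.0/RPMS/pkg-b-1.0-1mdk.i586.rpm\n"
    )
    with tempfile.TemporaryDirectory() as d:
        Path(d, "pkg-a-1.0-1mdk.i586.rpm").write_bytes(good)
        Path(d, "pkg-b-1.0-1mdk.i586.rpm").write_bytes(bad + b" altered")
        Path(d, "pkg-c-1.0-1mdk.i586.rpm").write_bytes(b"unrelated file")
        return verify_downloads(d, parse_manifest(manifest))

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

A matching MD5 only shows that a file is the one the advisory lists; authenticity rests on the GPG signatures on the advisory and on the packages.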

