BugTraq
[ MDVSA-2014:065 ] apache Mar 20 2014 12:10PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:065
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : apache
Date : March 20, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in apache
(ASF HTTPD):

XML parsing code in mod_dav incorrectly calculates the end of the
string when removing leading spaces and places a NUL character outside
the buffer, causing random crashes. This XML parsing code is only
used with DAV provider modules that support DeltaV, of which the only
publicly released provider is mod_dav_svn (CVE-2013-6438).

A flaw was found in mod_log_config. A remote attacker could send a
specific truncated cookie causing a crash. This crash would only be
a denial of service if using a threaded MPM (CVE-2014-0098).

The updated packages have been upgraded to the latest 2.2.27 version
which is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
http://svn.apache.org/viewvc?view=revision&revision=1576716
http://svn.apache.org/viewvc?view=revision&revision=1576706
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
b5e67e1ec8eecc90ed3c776be71884b5 mes5/i586/apache-base-2.2.27-0.1mdvmes5.2.i586.rpm
e16c269288c33326c63dad69fbd5d742 mes5/i586/apache-conf-2.2.27-0.1mdvmes5.2.i586.rpm
11490118b15176832c62e64b72873609 mes5/i586/apache-devel-2.2.27-0.1mdvmes5.2.i586.rpm
8a34bbef25421b5e2383ac562078aed5 mes5/i586/apache-doc-2.2.27-0.1mdvmes5.2.i586.rpm
3891966385c973595a02762c7a7feaaf mes5/i586/apache-htcacheclean-2.2.27-0.1mdvmes5.2.i586.rpm
fc0a5bf2b0f1a76e872ea576f58d109c mes5/i586/apache-mod_authn_dbd-2.2.27-0.1mdvmes5.2.i586.rpm
45637e33dbf459ad74b73bb8e499cb76 mes5/i586/apache-mod_cache-2.2.27-0.1mdvmes5.2.i586.rpm
bdc00a86280c77f0e304daf07a36012b mes5/i586/apache-mod_dav-2.2.27-0.1mdvmes5.2.i586.rpm
2f0dd4c1914cb339975e2452a8431db5 mes5/i586/apache-mod_dbd-2.2.27-0.1mdvmes5.2.i586.rpm
993a009191f7c94ef0571308de37659d mes5/i586/apache-mod_deflate-2.2.27-0.1mdvmes5.2.i586.rpm
791d43838768761473fe188ff9da7f05 mes5/i586/apache-mod_disk_cache-2.2.27-0.1mdvmes5.2.i586.rpm
a236df927b98accfed0ac37630e887fd mes5/i586/apache-mod_file_cache-2.2.27-0.1mdvmes5.2.i586.rpm
6c1f38d784ed01fdf773d600f25bc822 mes5/i586/apache-mod_ldap-2.2.27-0.1mdvmes5.2.i586.rpm
db6236186f3ed655ff14f8190a6b9b11 mes5/i586/apache-mod_mem_cache-2.2.27-0.1mdvmes5.2.i586.rpm
f3c6a2e67c302d940ed7789e14730adb mes5/i586/apache-mod_proxy-2.2.27-0.1mdvmes5.2.i586.rpm
2ff0faab5b2e6bf9032ab602cc721f87 mes5/i586/apache-mod_proxy_ajp-2.2.27-0.1mdvmes5.2.i586.rpm
570084346136e6ca0a2eb71a37523996 mes5/i586/apache-mod_proxy_scgi-2.2.27-0.1mdvmes5.2.i586.rpm
04c90937763864425f46e4447280cf4a mes5/i586/apache-mod_reqtimeout-2.2.27-0.1mdvmes5.2.i586.rpm
01baf75de1196eed684d3dd296607322 mes5/i586/apache-mod_ssl-2.2.27-0.1mdvmes5.2.i586.rpm
d8df1a10ffbad3c3700f3e9028882dbb mes5/i586/apache-mod_suexec-2.2.27-0.1mdvmes5.2.i586.rpm
60478eb5d2d1fc7a53c42e2ad3536dee mes5/i586/apache-modules-2.2.27-0.1mdvmes5.2.i586.rpm
0985355dcf2786d5df081584a5365075 mes5/i586/apache-mod_userdir-2.2.27-0.1mdvmes5.2.i586.rpm
589ff991bbc2418a558952aab141802e mes5/i586/apache-mpm-event-2.2.27-0.1mdvmes5.2.i586.rpm
e7f2e1496d22505ae65e62284b2b970c mes5/i586/apache-mpm-itk-2.2.27-0.1mdvmes5.2.i586.rpm
620f4244f503eab2b96a6be9e8ab1666 mes5/i586/apache-mpm-peruser-2.2.27-0.1mdvmes5.2.i586.rpm
e114434dafc66f47f8e52ab75aa7143e mes5/i586/apache-mpm-prefork-2.2.27-0.1mdvmes5.2.i586.rpm
962a5a9c092f23eb11c16167a836cc3f mes5/i586/apache-mpm-worker-2.2.27-0.1mdvmes5.2.i586.rpm
9a5b83b069447c37e3a0a3120f6f1048 mes5/i586/apache-source-2.2.27-0.1mdvmes5.2.i586.rpm
2507314b81d2c933cf4879c6d0f19c18 mes5/SRPMS/apache-2.2.27-0.1mdvmes5.2.src.rpm
d5e8602ed0ea75413c7ad540c1bd4cb3 mes5/SRPMS/apache-conf-2.2.27-0.1mdvmes5.2.src.rpm
c8f195227825c721a4c618cf31cf5fcb mes5/SRPMS/apache-mod_suexec-2.2.27-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
d943ec6695e181bb18f2d8c4e3222ffd mes5/x86_64/apache-base-2.2.27-0.1mdvmes5.2.x86_64.rpm
b49b023b202a2bad32ecf8d48711f7bf mes5/x86_64/apache-conf-2.2.27-0.1mdvmes5.2.x86_64.rpm
feb28ca173194c44d0973c0c470f2193 mes5/x86_64/apache-devel-2.2.27-0.1mdvmes5.2.x86_64.rpm
391d8d6b95d2b4689bb4e426df332ce6 mes5/x86_64/apache-doc-2.2.27-0.1mdvmes5.2.x86_64.rpm
173911d5948fefa17765495b8092e76d mes5/x86_64/apache-htcacheclean-2.2.27-0.1mdvmes5.2.x86_64.rpm
1759fe1247cad34ea0e47d8ab2a0f16e mes5/x86_64/apache-mod_authn_dbd-2.2.27-0.1mdvmes5.2.x86_64.rpm
624d53cfd9eba36e27538170fad22448 mes5/x86_64/apache-mod_cache-2.2.27-0.1mdvmes5.2.x86_64.rpm
207b1e9c9ae0209dd474f476dd8058af mes5/x86_64/apache-mod_dav-2.2.27-0.1mdvmes5.2.x86_64.rpm
f64626bd170b85077cb155199a0a7b7d mes5/x86_64/apache-mod_dbd-2.2.27-0.1mdvmes5.2.x86_64.rpm
b03d31b694c3547afd34d770809a228d mes5/x86_64/apache-mod_deflate-2.2.27-0.1mdvmes5.2.x86_64.rpm
29d10687579ab5063b9b13c1ec9413f4 mes5/x86_64/apache-mod_disk_cache-2.2.27-0.1mdvmes5.2.x86_64.rpm
14b29246f53953558ea1cb0378c015e1 mes5/x86_64/apache-mod_file_cache-2.2.27-0.1mdvmes5.2.x86_64.rpm
41130c165e310f3b811d1a37e251b064 mes5/x86_64/apache-mod_ldap-2.2.27-0.1mdvmes5.2.x86_64.rpm
5599f490c632ba8b8bc3572d00cadf28 mes5/x86_64/apache-mod_mem_cache-2.2.27-0.1mdvmes5.2.x86_64.rpm
c30200d51d074f274dacbbf9b6a0e509 mes5/x86_64/apache-mod_proxy-2.2.27-0.1mdvmes5.2.x86_64.rpm
e8bd582626b42bf5f953ae8f574ecc05 mes5/x86_64/apache-mod_proxy_ajp-2.2.27-0.1mdvmes5.2.x86_64.rpm
15b83bafb6460e87cb2e2225c1f36f8e mes5/x86_64/apache-mod_proxy_scgi-2.2.27-0.1mdvmes5.2.x86_64.rpm
9882e8d318d67f0545289707945d5d5d mes5/x86_64/apache-mod_reqtimeout-2.2.27-0.1mdvmes5.2.x86_64.rpm
78da0fd6eb45543c7b6445504055e65b mes5/x86_64/apache-mod_ssl-2.2.27-0.1mdvmes5.2.x86_64.rpm
3b5cced3102d837ad69ea89776041aa0 mes5/x86_64/apache-mod_suexec-2.2.27-0.1mdvmes5.2.x86_64.rpm
562020cac2840f941538410e1b2e2d30 mes5/x86_64/apache-modules-2.2.27-0.1mdvmes5.2.x86_64.rpm
08261dd04dcc1b36ba6a5790e71ea9df mes5/x86_64/apache-mod_userdir-2.2.27-0.1mdvmes5.2.x86_64.rpm
e9a3b15af20da1f18bb33664595eeae2 mes5/x86_64/apache-mpm-event-2.2.27-0.1mdvmes5.2.x86_64.rpm
4126660d6e4bbf93ccae6d825c71d402 mes5/x86_64/apache-mpm-itk-2.2.27-0.1mdvmes5.2.x86_64.rpm
89a50add3e4ef8a0e8d618225dad48bf mes5/x86_64/apache-mpm-peruser-2.2.27-0.1mdvmes5.2.x86_64.rpm
3139a9eaf050b5d36904e8d9594037fe mes5/x86_64/apache-mpm-prefork-2.2.27-0.1mdvmes5.2.x86_64.rpm
5ee83c2ddd05bc4bf4b181572901e4d1 mes5/x86_64/apache-mpm-worker-2.2.27-0.1mdvmes5.2.x86_64.rpm
148c679fdebbcfc2db352e54e2601986 mes5/x86_64/apache-source-2.2.27-0.1mdvmes5.2.x86_64.rpm
2507314b81d2c933cf4879c6d0f19c18 mes5/SRPMS/apache-2.2.27-0.1mdvmes5.2.src.rpm
d5e8602ed0ea75413c7ad540c1bd4cb3 mes5/SRPMS/apache-conf-2.2.27-0.1mdvmes5.2.src.rpm
c8f195227825c721a4c618cf31cf5fcb mes5/SRPMS/apache-mod_suexec-2.2.27-0.1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
728c1edd6393661989108a7366c17153 mbs1/x86_64/apache-2.2.27-1.mbs1.x86_64.rpm
88c168a73dd792a713b8a1fddbb7064a mbs1/x86_64/apache-devel-2.2.27-1.mbs1.x86_64.rpm
80c94adda8494d789468fb91f94667ca mbs1/x86_64/apache-doc-2.2.27-1.mbs1.noarch.rpm
24e02863dab7c758e53057ab83473654 mbs1/x86_64/apache-htcacheclean-2.2.27-1.mbs1.x86_64.rpm
e7bcff8aadefad739f730aacf2bfe40f mbs1/x86_64/apache-mod_authn_dbd-2.2.27-1.mbs1.x86_64.rpm
ed043b70acda2c73dac9e1a3d1e557ea mbs1/x86_64/apache-mod_cache-2.2.27-1.mbs1.x86_64.rpm
c1c03eab1681f186752f0944b2b5d70a mbs1/x86_64/apache-mod_dav-2.2.27-1.mbs1.x86_64.rpm
f5be2ccab0a0d6ff085117643e189df8 mbs1/x86_64/apache-mod_dbd-2.2.27-1.mbs1.x86_64.rpm
177ef274249c7d0f393cc22b62f4d9a2 mbs1/x86_64/apache-mod_deflate-2.2.27-1.mbs1.x86_64.rpm
0a30594a7e7aeb0871c5cfa94d942d5a mbs1/x86_64/apache-mod_disk_cache-2.2.27-1.mbs1.x86_64.rpm
67702789c9838c767c023a1bb2571fac mbs1/x86_64/apache-mod_file_cache-2.2.27-1.mbs1.x86_64.rpm
f72e3480d50dfbcdd776ff07ec5d31f0 mbs1/x86_64/apache-mod_ldap-2.2.27-1.mbs1.x86_64.rpm
df6b4e550100e4f8532e7d4a4c7c18e3 mbs1/x86_64/apache-mod_mem_cache-2.2.27-1.mbs1.x86_64.rpm
c69d91ebc72f15221aa56fee982b35cc mbs1/x86_64/apache-mod_proxy-2.2.27-1.mbs1.x86_64.rpm
6dce9fabb3d6c6e482fbdc640f852506 mbs1/x86_64/apache-mod_proxy_ajp-2.2.27-1.mbs1.x86_64.rpm
b30af36aeee0d8f2d4f5fd1cc801c8eb mbs1/x86_64/apache-mod_proxy_scgi-2.2.27-1.mbs1.x86_64.rpm
11abe25adefdaaf6955e5636fa6be368 mbs1/x86_64/apache-mod_reqtimeout-2.2.27-1.mbs1.x86_64.rpm
7afd66d37f530771bb50559224513558 mbs1/x86_64/apache-mod_ssl-2.2.27-1.mbs1.x86_64.rpm
521f46b704f64869e2ae142489ba8f4e mbs1/x86_64/apache-mod_suexec-2.2.27-1.mbs1.x86_64.rpm
73e41eaade715b59c51739e937d49d97 mbs1/x86_64/apache-mod_userdir-2.2.27-1.mbs1.x86_64.rpm
183176fe544deffab73e187a6b6837df mbs1/x86_64/apache-mpm-event-2.2.27-1.mbs1.x86_64.rpm
153d52dbca8cef01eb71210c7877f7ce mbs1/x86_64/apache-mpm-itk-2.2.27-1.mbs1.x86_64.rpm
ffe2a2ad92be8303db5f33a551af70d8 mbs1/x86_64/apache-mpm-peruser-2.2.27-1.mbs1.x86_64.rpm
78cba8364678e0ec37727955557be71a mbs1/x86_64/apache-mpm-prefork-2.2.27-1.mbs1.x86_64.rpm
4fb059e3c63e99c36c05a2cf98485247 mbs1/x86_64/apache-mpm-worker-2.2.27-1.mbs1.x86_64.rpm
8822901f7d57c4f280b029dd6e9157d3 mbs1/x86_64/apache-source-2.2.27-1.mbs1.noarch.rpm
0e308e214a758f2e703059db6b11103c mbs1/SRPMS/apache-2.2.27-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTKq52mqjQ0CJFipgRAnE4AJ9VvdPz8fTEBhXeuOOpB4ICr/mSXgCgjjqo
tbRNgzbwe6j2OyL9Q3x9jM8=
=T90d
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus