-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:168 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : November 9, 2011 Affected: 2010.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in apache: The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request (CVE-2011-3348). The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348 https://issues.apache.org/bugzilla/show_bug.cgi?id=51878 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: efa3019014628e3c480750c1f2004a7c 2010.1/i586/apache-base-2.2.15-3.5mdv2010.2.i586.rpm 3087616095041b2a0ec35a4f07b0db39 2010.1/i586/apache-devel-2.2.15-3.5mdv2010.2.i586.rpm f64f79810c740c6ea48a62b6efaa2e57 2010.1/i586/apache-htcacheclean-2.2.15-3.5mdv2010.2.i586.rpm 54193e742de9f3c09033686110dbcf12 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.5mdv2010.2.i586.rpm 5190c0b547fdabd83f11f2c0b3c4c59c 2010.1/i586/apache-mod_cache-2.2.15-3.5mdv2010.2.i586.rpm 797c23a6d7bd773b56f12ef80e598bd3 2010.1/i586/apache-mod_dav-2.2.15-3.5mdv2010.2.i586.rpm 2489ede1721764643b2942292de4e43a 2010.1/i586/apache-mod_dbd-2.2.15-3.5mdv2010.2.i586.rpm 32132cdd5a453e1d35b34ad86756469b 2010.1/i586/apache-mod_deflate-2.2.15-3.5mdv2010.2.i586.rpm bb94bf4569a6979b23bbf29e51172deb 2010.1/i586/apache-mod_disk_cache-2.2.15-3.5mdv2010.2.i586.rpm c0465fd2bf450d8229c92ebd7b96e796 2010.1/i586/apache-mod_file_cache-2.2.15-3.5mdv2010.2.i586.rpm 8fe0536c0567db805b18eee9b6fbae4c 2010.1/i586/apache-mod_ldap-2.2.15-3.5mdv2010.2.i586.rpm f9f7679d70d4c06573737e401c9efa56 2010.1/i586/apache-mod_mem_cache-2.2.15-3.5mdv2010.2.i586.rpm bb61c23cadc265c1182e4d08beaf6834 2010.1/i586/apache-mod_proxy-2.2.15-3.5mdv2010.2.i586.rpm 724885ee3820d7b0ae7c20a188fb8c54 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.5mdv2010.2.i586.rpm 2582960ff8ed44b516dba77a8ca3f79e 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.5mdv2010.2.i586.rpm 54829077b157f55baa47bcb05769c039 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.5mdv2010.2.i586.rpm 2e977bb1f6a182a2c70912167265ce50 2010.1/i586/apache-mod_ssl-2.2.15-3.5mdv2010.2.i586.rpm a5bf2b114ee2d72336adce28811c3037 2010.1/i586/apache-modules-2.2.15-3.5mdv2010.2.i586.rpm 83b2206a476ef960dd2267e42b2121af 2010.1/i586/apache-mod_userdir-2.2.15-3.5mdv2010.2.i586.rpm e5c81b0d5dee76dfe644188c719208fd 2010.1/i586/apache-mpm-event-2.2.15-3.5mdv2010.2.i586.rpm 1f565927f0329db6a6dcbfc146862d7d 2010.1/i586/apache-mpm-itk-2.2.15-3.5mdv2010.2.i586.rpm 9fe74c5aa75109bd04e60278d3ce4f27 2010.1/i586/apache-mpm-peruser-2.2.15-3.5mdv2010.2.i586.rpm 3a253e811772ae2eeed3ed028bb05dec 2010.1/i586/apache-mpm-prefork-2.2.15-3.5mdv2010.2.i586.rpm ada4b77b392aa8a5b6c283d1d3394f19 2010.1/i586/apache-mpm-worker-2.2.15-3.5mdv2010.2.i586.rpm f777f009148573676e3bda6fa9d3472a 2010.1/i586/apache-source-2.2.15-3.5mdv2010.2.i586.rpm 30b49a94b9485639515c5323a58a87b2 2010.1/SRPMS/apache-2.2.15-3.5mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 904ac3e39e1544ac03201c638f272461 2010.1/x86_64/apache-base-2.2.15-3.5mdv2010.2.x86_64.rpm 48164409c194bc836764f105d332b9b2 2010.1/x86_64/apache-devel-2.2.15-3.5mdv2010.2.x86_64.rpm 7f9ba9d3b24e352fd9c6dbb770d1c0e2 2010.1/x86_64/apache-htcacheclean-2.2.15-3.5mdv2010.2.x86_64.rpm bfc5629f34ceec77cc9f63cbacedec8b 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.5mdv2010.2.x86_64.rpm e4f47be08c6bf1e1e12f8f8263014238 2010.1/x86_64/apache-mod_cache-2.2.15-3.5mdv2010.2.x86_64.rpm 01f8ba996efc43df6e94cf3ba7b960ee 2010.1/x86_64/apache-mod_dav-2.2.15-3.5mdv2010.2.x86_64.rpm 07b4081d62a107a075f1b2e13a505496 2010.1/x86_64/apache-mod_dbd-2.2.15-3.5mdv2010.2.x86_64.rpm 42dc96e272815486f57db1fc5b5006c3 2010.1/x86_64/apache-mod_deflate-2.2.15-3.5mdv2010.2.x86_64.rpm 5ab4bcddcd345aee9938a53f8c66f652 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.5mdv2010.2.x86_64.rpm 8bc139a4c4ce0381292885d35e0dc9a8 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.5mdv2010.2.x86_64.rpm d7add6101b8b2393c9e16bbe4570e474 2010.1/x86_64/apache-mod_ldap-2.2.15-3.5mdv2010.2.x86_64.rpm 4276d115ba3061e90c55b3614fc094e9 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.5mdv2010.2.x86_64.rpm f12d0cfb139cfe7b46b2a6d6d0dbea74 2010.1/x86_64/apache-mod_proxy-2.2.15-3.5mdv2010.2.x86_64.rpm 527aa8011d33407b6e7419f51b1ba1f4 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.5mdv2010.2.x86_64.rpm 4b4fbeb9ae7243582d7a6d0f702c2f22 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.5mdv2010.2.x86_64.rpm fc812b63a2078aa8ee8cd6bbee447589 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.5mdv2010.2.x86_64.rpm 5b13aaae983d8d37ade193afe05f97d0 2010.1/x86_64/apache-mod_ssl-2.2.15-3.5mdv2010.2.x86_64.rpm c00c4fd9fd7bb6179f96e65567c6197d 2010.1/x86_64/apache-modules-2.2.15-3.5mdv2010.2.x86_64.rpm 0280efe603339cea73a9989d1e216d2e 2010.1/x86_64/apache-mod_userdir-2.2.15-3.5mdv2010.2.x86_64.rpm 53d1ba40692126ce9d98110e754bdece 2010.1/x86_64/apache-mpm-event-2.2.15-3.5mdv2010.2.x86_64.rpm 74caa9e8aee48eb0506d91acd2c8075e 2010.1/x86_64/apache-mpm-itk-2.2.15-3.5mdv2010.2.x86_64.rpm 73e3ada13fe3df988d00ae0a7c31a8e4 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.5mdv2010.2.x86_64.rpm 81ab4347551eb3c860b01985e614e309 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.5mdv2010.2.x86_64.rpm 16164f1d9cbaf6e4d80874ef53a8b6fa 2010.1/x86_64/apache-mpm-worker-2.2.15-3.5mdv2010.2.x86_64.rpm 990b96231afbdc851ff03ccbb0e1203d 2010.1/x86_64/apache-source-2.2.15-3.5mdv2010.2.x86_64.rpm 30b49a94b9485639515c5323a58a87b2 2010.1/SRPMS/apache-2.2.15-3.5mdv2010.2.src.rpm Mandriva Enterprise Server 5: 000a1b64448acad341d2bead5a7b2b40 mes5/i586/apache-base-2.2.9-12.14mdvmes5.2.i586.rpm 4c904a9851b0a6b54c936952e21d4f9a mes5/i586/apache-devel-2.2.9-12.14mdvmes5.2.i586.rpm f8772da8100473cdb73c580764a052ff mes5/i586/apache-htcacheclean-2.2.9-12.14mdvmes5.2.i586.rpm df5ff9f23abbf7bfdfe3290dd229fa3c mes5/i586/apache-mod_authn_dbd-2.2.9-12.14mdvmes5.2.i586.rpm 495e3856b6a6c6deed0879a74ff96e91 mes5/i586/apache-mod_cache-2.2.9-12.14mdvmes5.2.i586.rpm 19bf954e5808bb55904eb15e0da83eaa mes5/i586/apache-mod_dav-2.2.9-12.14mdvmes5.2.i586.rpm 69b7ed150f649056ca9ed5c8dbb69ab9 mes5/i586/apache-mod_dbd-2.2.9-12.14mdvmes5.2.i586.rpm e0ef096233b8ab089944bd97a636d984 mes5/i586/apache-mod_deflate-2.2.9-12.14mdvmes5.2.i586.rpm ba8efbb0753f0c4b9e0542714c0dc38d mes5/i586/apache-mod_disk_cache-2.2.9-12.14mdvmes5.2.i586.rpm 778ee556b1cccf580aafe55104718ced mes5/i586/apache-mod_file_cache-2.2.9-12.14mdvmes5.2.i586.rpm 7e779a0c3ab9bf94a0f07a37b5a1ad76 mes5/i586/apache-mod_ldap-2.2.9-12.14mdvmes5.2.i586.rpm f1a30b1609adfd75a1d1aa81145cc2b1 mes5/i586/apache-mod_mem_cache-2.2.9-12.14mdvmes5.2.i586.rpm fe9fcfd8ca9b7129de9535aee2917f3f mes5/i586/apache-mod_proxy-2.2.9-12.14mdvmes5.2.i586.rpm 95943de5218e180dcdc4088e5757f6db mes5/i586/apache-mod_proxy_ajp-2.2.9-12.14mdvmes5.2.i586.rpm 318c98c15a80c6f54b5eafcb0f35c3dd mes5/i586/apache-mod_ssl-2.2.9-12.14mdvmes5.2.i586.rpm a4d215acc80c76d8fa7296a1a9e71e66 mes5/i586/apache-modules-2.2.9-12.14mdvmes5.2.i586.rpm 6dd522fae06c5b507125966862f3baeb mes5/i586/apache-mod_userdir-2.2.9-12.14mdvmes5.2.i586.rpm f142012531d29a89eb26bdf94fed9e77 mes5/i586/apache-mpm-event-2.2.9-12.14mdvmes5.2.i586.rpm 12f441381a02a93615f570de2984296d mes5/i586/apache-mpm-itk-2.2.9-12.14mdvmes5.2.i586.rpm e6fe55d8db2ea5fb88ea1b39f76b0bdb mes5/i586/apache-mpm-peruser-2.2.9-12.14mdvmes5.2.i586.rpm 74ba90b3e16d7dc1bf44f28e83666086 mes5/i586/apache-mpm-prefork-2.2.9-12.14mdvmes5.2.i586.rpm 89059e7700f61272a5a1bed0a5aa9854 mes5/i586/apache-mpm-worker-2.2.9-12.14mdvmes5.2.i586.rpm dceffe55d15d99932e04cf2b1f8f12c3 mes5/i586/apache-source-2.2.9-12.14mdvmes5.2.i586.rpm 1803c43f9aaa75ba96abb9b82b3f9cfd mes5/SRPMS/apache-2.2.9-12.14mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 050aa909a942ddf054f913066552fbcc mes5/x86_64/apache-base-2.2.9-12.14mdvmes5.2.x86_64.rpm 2d9fa3f4003f8577fc372493a216ff4a mes5/x86_64/apache-devel-2.2.9-12.14mdvmes5.2.x86_64.rpm 68305995effc2bd9a1cc6c234da9ce88 mes5/x86_64/apache-htcacheclean-2.2.9-12.14mdvmes5.2.x86_64.rpm 895e327ff7b75ba1489904c7f50c9219 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.14mdvmes5.2.x86_64.rpm 92f1a4e37e02079b707844c119f396cf mes5/x86_64/apache-mod_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm 61c1d304dd3fc85717d1fdc74c62402a mes5/x86_64/apache-mod_dav-2.2.9-12.14mdvmes5.2.x86_64.rpm b4f161ec2d9745ea40e6be83ec670ad4 mes5/x86_64/apache-mod_dbd-2.2.9-12.14mdvmes5.2.x86_64.rpm b3dd2d1cd1d3a4236c022254e7f5dae5 mes5/x86_64/apache-mod_deflate-2.2.9-12.14mdvmes5.2.x86_64.rpm 6992b43e842ff1a77132c1667204a1f1 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm 68885f5adf906884bfede7be9b98c0de mes5/x86_64/apache-mod_file_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm 38152f4ed136292e725f0cac2a836a23 mes5/x86_64/apache-mod_ldap-2.2.9-12.14mdvmes5.2.x86_64.rpm d4e4ab43908f41d33106e069e85e19f0 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm 4c54f275dd6dc1f4ef56c0fa26f1f262 mes5/x86_64/apache-mod_proxy-2.2.9-12.14mdvmes5.2.x86_64.rpm ab35ab1aedb6b0fe30143af8ebb1c51b mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.14mdvmes5.2.x86_64.rpm 86d6ca8156a2ec224dd2c8f064bfa685 mes5/x86_64/apache-mod_ssl-2.2.9-12.14mdvmes5.2.x86_64.rpm f0771cbbcad7bbbbb230ba17b49a00ec mes5/x86_64/apache-modules-2.2.9-12.14mdvmes5.2.x86_64.rpm 9d6ed0960614673c4085a2d9a90876b9 mes5/x86_64/apache-mod_userdir-2.2.9-12.14mdvmes5.2.x86_64.rpm 2dfc496e8aea977d133823ccbb72f754 mes5/x86_64/apache-mpm-event-2.2.9-12.14mdvmes5.2.x86_64.rpm f1a306cc23d666161058585337e598e6 mes5/x86_64/apache-mpm-itk-2.2.9-12.14mdvmes5.2.x86_64.rpm ede25d1a607e03b8e65b3ecb46fd7b2b mes5/x86_64/apache-mpm-peruser-2.2.9-12.14mdvmes5.2.x86_64.rpm 67c5a299b3ed4c15341a54cbbc06a2bc mes5/x86_64/apache-mpm-prefork-2.2.9-12.14mdvmes5.2.x86_64.rpm abd16d61836ee16d267d3cf29c68bdbf mes5/x86_64/apache-mpm-worker-2.2.9-12.14mdvmes5.2.x86_64.rpm 07dcbb776ca1b4261aa945b9daed5c3c mes5/x86_64/apache-source-2.2.9-12.14mdvmes5.2.x86_64.rpm 1803c43f9aaa75ba96abb9b82b3f9cfd mes5/SRPMS/apache-2.2.9-12.14mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFOuoyXmqjQ0CJFipgRAnR9AKCyVUZGycLkHzYaojJWEYZEDJHEFgCfU3oa SBbMFvjmZIC1PWkEhcd2oiU= =HxW0 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/