-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           apache
Advisory ID:            MDKSA-2002:039-1
Date:                   June 21st, 2002
Original Advisory Date: June 20th, 2002
Affected versions:      7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1,
                        Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

 A Denial of Service attack was discovered by Mark Litchfield in the
 Apache webserver.  As well, while investigating this problem, the
 Apache Software Foundation discovered that the code for handling
 invalid requests that use chunked encoding may also allow arbitrary
 code to be executed on 64bit architectures.

 All versions of Apache prior to 1.3.26 and 2.0.37 are vulnerable to
 this problem.

 This update provides patched versions of Apache for the remaining
 supported Mandrake Linux versions.
________________________________________________________________________

References:

  http://httpd.apache.org/info/security_bulletin_20020617.txt
________________________________________________________________________

Updated Packages:
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.
Information on these lists can be obtained by visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
________________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security@linux-mandrake.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9E24cmqjQ0CJFipgRAnonAKDxfwjbKOhfBokmDpVTpFFdoJk7/wCg3Y/B
zNvSq77L52pAwujBesB/rtc=
=61BU
-----END PGP SIGNATURE-----
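
The manual upgrade path in the advisory (compare md5 checksums, run `rpm --checksig`, then `rpm -Fvh`) written as a fail-closed script. This is an added example, not MandrakeSoft's tooling; the function names, the checksum-list file and the use of GNU `md5sum` are assumptions.

```shell
#!/bin/sh
# Added example, not MandrakeSoft's tooling. LIST holds "<md5> <path>" lines
# copied from an advisory whose PGP signature has already been verified.

# verify_md5_list LIST DIR: fail closed on a malformed line, a missing file,
# a checksum mismatch, or a list that matched nothing.
verify_md5_list() {
    list=$1 dir=$2 rc=0 ok=0
    while read -r want path rest || [ -n "$want" ]; do
        [ -z "$want" ] && continue                  # blank line
        case $want in *[!0-9a-f]*) want= ;; esac    # non-hex characters
        if [ ${#want} -ne 32 ] || [ -z "$path" ] || [ -n "$rest" ]; then
            echo "BAD LINE: $path" >&2; rc=1; continue
        fi
        name=${path##*/}                            # advisory path -> file name
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING: $name" >&2; rc=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            ok=$((ok + 1))
        else
            echo "MISMATCH: $name" >&2; rc=1
        fi
    done < "$list"
    [ "$rc" -eq 0 ] && [ "$ok" -gt 0 ]
}

# verify_then_upgrade LIST DIR: the advisory's manual steps, gated on both
# checks. Needs rpm and the vendor public key already in the rpm keyring.
verify_then_upgrade() {
    verify_md5_list "$1" "$2" || return 1
    for pkg in "$2"/*.rpm; do
        out=$(rpm --checksig "$pkg") || return 1
        # Exit 0 can mean "digest OK, unsigned". Assumption: a verified
        # signature shows as gpg/pgp/"signatures" after the file name.
        printf '%s\n' "${out##*:}" | grep -Eqi 'gpg|pgp|signatures' || return 1
    done
    rpm -Fvh "$2"/*.rpm
}

# Usage: script LIST DIR
if [ $# -eq 2 ]; then
    verify_then_upgrade "$1" "$2"
fi
```

The checksum list is only as trustworthy as its source, so verify the advisory's own PGP signature before copying lines out of it.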