ID

VAR-201007-0199

CVE

CVE-2010-1452

TITLE

Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities

DESCRIPTION

The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. Apache HTTP Server is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to deny service to legitimate users. Versions prior to Apache 2.2.16 are vulnerable. Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452 http://httpd.apache.org/security/vulnerabilities_22.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 06e857488c2b40c2a0aaf7004726a502 2008.0/i586/apache-base-2.2.6-8.6mdv2008.0.i586.rpm 2694040802b1329f0adac51bd7640136 2008.0/i586/apache-devel-2.2.6-8.6mdv2008.0.i586.rpm 6c4a5fb028605baa3459e03085b37d5e 2008.0/i586/apache-htcacheclean-2.2.6-8.6mdv2008.0.i586.rpm e8e0cff4447b3f7b264f660fbe379449 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.6mdv2008.0.i586.rpm 582f3ecc2eb97e6eef6a3bdae1ff5498 2008.0/i586/apache-mod_cache-2.2.6-8.6mdv2008.0.i586.rpm 2a080305b7e8b11bdd97b61f79c03d6d 2008.0/i586/apache-mod_dav-2.2.6-8.6mdv2008.0.i586.rpm 902b29ea25196ddd0c718ba5ff8fb5bc 2008.0/i586/apache-mod_dbd-2.2.6-8.6mdv2008.0.i586.rpm 88820b4987fb8dbe91983a57448aefa4 2008.0/i586/apache-mod_deflate-2.2.6-8.6mdv2008.0.i586.rpm caf10ec66d8a7cc0abc3e41d0862da38 2008.0/i586/apache-mod_disk_cache-2.2.6-8.6mdv2008.0.i586.rpm 0c99ec09dc44adcd28816e6ea1362cde 2008.0/i586/apache-mod_file_cache-2.2.6-8.6mdv2008.0.i586.rpm 478b82672ede1c503fc865206d21a100 2008.0/i586/apache-mod_ldap-2.2.6-8.6mdv2008.0.i586.rpm fe63f0ff63ed611e682d2f7c40e017e9 2008.0/i586/apache-mod_mem_cache-2.2.6-8.6mdv2008.0.i586.rpm 7feee63e323c6a3b5183c42093b31e0d 2008.0/i586/apache-mod_proxy-2.2.6-8.6mdv2008.0.i586.rpm a92cb47580b48464e12ce9a22d083ed3 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.6mdv2008.0.i586.rpm 40911443f472c5af1ab59b1fff907872 2008.0/i586/apache-mod_ssl-2.2.6-8.6mdv2008.0.i586.rpm 665e6157da7ecc8a553c358627014137 2008.0/i586/apache-modules-2.2.6-8.6mdv2008.0.i586.rpm 23842ef27bc0cb4c2928ea30c461d7bc 2008.0/i586/apache-mod_userdir-2.2.6-8.6mdv2008.0.i586.rpm 0736f77fe06f01e7d22b921902ed73d2 2008.0/i586/apache-mpm-event-2.2.6-8.6mdv2008.0.i586.rpm ab1654f679b3f5a7032922dd9f6c8025 2008.0/i586/apache-mpm-itk-2.2.6-8.6mdv2008.0.i586.rpm eb834fb78041f217d30c532bf95c0143 2008.0/i586/apache-mpm-prefork-2.2.6-8.6mdv2008.0.i586.rpm add5fb58f78e7ce6689cd58c16ffdffb 2008.0/i586/apache-mpm-worker-2.2.6-8.6mdv2008.0.i586.rpm 2bd4caaf1128cb0fc94c4c44f2c56453 2008.0/i586/apache-source-2.2.6-8.6mdv2008.0.i586.rpm 57c08b6909e494350019980e757991f5 2008.0/SRPMS/apache-2.2.6-8.6mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 2a34fe7f0be72ccf8c9b734ca63be6e5 2008.0/x86_64/apache-base-2.2.6-8.6mdv2008.0.x86_64.rpm 3335fb591a6401a1b310d6bd8120660e 2008.0/x86_64/apache-devel-2.2.6-8.6mdv2008.0.x86_64.rpm de353f53148a32682f8a3ffb51b76ed5 2008.0/x86_64/apache-htcacheclean-2.2.6-8.6mdv2008.0.x86_64.rpm bfc150afb6ccbe9eab57849a94419e5f 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.6mdv2008.0.x86_64.rpm a0481e9c6a2bbd44247782bc90e2b915 2008.0/x86_64/apache-mod_cache-2.2.6-8.6mdv2008.0.x86_64.rpm 06242bb4f8bdea11cf9ae424c5515231 2008.0/x86_64/apache-mod_dav-2.2.6-8.6mdv2008.0.x86_64.rpm 302f9ecc1dfb77352e296c05190afe24 2008.0/x86_64/apache-mod_dbd-2.2.6-8.6mdv2008.0.x86_64.rpm 2ab511c8144aa3dd8a1ad3a2feb82458 2008.0/x86_64/apache-mod_deflate-2.2.6-8.6mdv2008.0.x86_64.rpm 83b8eb7acd50b8a6d05b8519f7c6cb4b 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.6mdv2008.0.x86_64.rpm 427b3929d5e10ffc6064ca2cc38ccd88 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.6mdv2008.0.x86_64.rpm 471cf9d248c1868bf9cb52e0cf544a10 2008.0/x86_64/apache-mod_ldap-2.2.6-8.6mdv2008.0.x86_64.rpm f32c311f6fd086c49cebfcd61b685fce 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.6mdv2008.0.x86_64.rpm d4f5e603a512172fb1079942eaa9c076 2008.0/x86_64/apache-mod_proxy-2.2.6-8.6mdv2008.0.x86_64.rpm 581b37d6fa9de183f81676686693e689 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.6mdv2008.0.x86_64.rpm 5e866de5a08f901f76ea0f37f6502624 2008.0/x86_64/apache-mod_ssl-2.2.6-8.6mdv2008.0.x86_64.rpm 9bae7e180f5aa6310a7c324fc787a4a6 2008.0/x86_64/apache-modules-2.2.6-8.6mdv2008.0.x86_64.rpm 4d21f60be29a3fe37865571977fe2ab5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.6mdv2008.0.x86_64.rpm 28ebbf3878143f3887458f67acbed740 2008.0/x86_64/apache-mpm-event-2.2.6-8.6mdv2008.0.x86_64.rpm af1174cb9648d8be0a80a66a3edb7b92 2008.0/x86_64/apache-mpm-itk-2.2.6-8.6mdv2008.0.x86_64.rpm fcdfe3685f407af5649820bd14a79bce 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.6mdv2008.0.x86_64.rpm 008ab6ab051abdbb1f901d9589eb96b3 2008.0/x86_64/apache-mpm-worker-2.2.6-8.6mdv2008.0.x86_64.rpm cb79c4764ef712acb77358b046a45af6 2008.0/x86_64/apache-source-2.2.6-8.6mdv2008.0.x86_64.rpm 57c08b6909e494350019980e757991f5 2008.0/SRPMS/apache-2.2.6-8.6mdv2008.0.src.rpm Mandriva Linux 2009.1: 438cc4f99ff6b9a3089abcf968b510fb 2009.1/i586/apache-base-2.2.11-10.10mdv2009.1.i586.rpm a697c7c99b63c9a53424b1275ad27eb3 2009.1/i586/apache-devel-2.2.11-10.10mdv2009.1.i586.rpm 531ae4a131f5020349dc5eaf4dceea4e 2009.1/i586/apache-htcacheclean-2.2.11-10.10mdv2009.1.i586.rpm 24aaa106a6875c2cf74bcde75cb92fa7 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.10mdv2009.1.i586.rpm bfab01f304f9a63c33fa607a7bc1cfbc 2009.1/i586/apache-mod_cache-2.2.11-10.10mdv2009.1.i586.rpm 1646b80101227abc9aa3b4ad3727f130 2009.1/i586/apache-mod_dav-2.2.11-10.10mdv2009.1.i586.rpm 9f010b2842a1b3202c120750769e2e7c 2009.1/i586/apache-mod_dbd-2.2.11-10.10mdv2009.1.i586.rpm 029a02fb78004c129aa5f2cb8094a78b 2009.1/i586/apache-mod_deflate-2.2.11-10.10mdv2009.1.i586.rpm 05aa6334cad5a530f83de6d3d397b3c5 2009.1/i586/apache-mod_disk_cache-2.2.11-10.10mdv2009.1.i586.rpm 0a8ac878bc405034f60f26ee6b77a0a1 2009.1/i586/apache-mod_file_cache-2.2.11-10.10mdv2009.1.i586.rpm c1c8ce63df3a5216c1ed0d61c2eabd7f 2009.1/i586/apache-mod_ldap-2.2.11-10.10mdv2009.1.i586.rpm 07826ea42fc0969eecbebaf0a52f437c 2009.1/i586/apache-mod_mem_cache-2.2.11-10.10mdv2009.1.i586.rpm 9aa4372f650c53b4c9de7ef6a7703c0d 2009.1/i586/apache-mod_proxy-2.2.11-10.10mdv2009.1.i586.rpm 51001455d07cfcf3be903eee230d0d5c 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.10mdv2009.1.i586.rpm c3d7392dfedf7ef768ab22346310ed5f 2009.1/i586/apache-mod_ssl-2.2.11-10.10mdv2009.1.i586.rpm 733e414905d5053090729c360661d449 2009.1/i586/apache-modules-2.2.11-10.10mdv2009.1.i586.rpm d49fa50485969144d9fbe84618e05a0b 2009.1/i586/apache-mod_userdir-2.2.11-10.10mdv2009.1.i586.rpm b65c0045b7fcec8962942726f006dc15 2009.1/i586/apache-mpm-event-2.2.11-10.10mdv2009.1.i586.rpm 2ada36115bdd7f2b540db8a670c49f87 2009.1/i586/apache-mpm-itk-2.2.11-10.10mdv2009.1.i586.rpm 941eb5f837611ebf546602681c23ec63 2009.1/i586/apache-mpm-peruser-2.2.11-10.10mdv2009.1.i586.rpm 4b8bfd8c7836a334dc179b595667927a 2009.1/i586/apache-mpm-prefork-2.2.11-10.10mdv2009.1.i586.rpm 0d5ec80d9b80b0d696f1f96fb5d59969 2009.1/i586/apache-mpm-worker-2.2.11-10.10mdv2009.1.i586.rpm 79ca6f0054bfdaa2abaff9cec654a611 2009.1/i586/apache-source-2.2.11-10.10mdv2009.1.i586.rpm 3ae26760bb88faf07e2d3f23a8ad702e 2009.1/SRPMS/apache-2.2.11-10.10mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: f06534ae41a7ab731de03a28aca15046 2009.1/x86_64/apache-base-2.2.11-10.10mdv2009.1.x86_64.rpm 32e0e29ebcc149cbe2c7d49cac1ebe6c 2009.1/x86_64/apache-devel-2.2.11-10.10mdv2009.1.x86_64.rpm ad8f95bcc2f16c204a3e3a762524ce6f 2009.1/x86_64/apache-htcacheclean-2.2.11-10.10mdv2009.1.x86_64.rpm 81faf288d4ec397664badee3336b516e 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.10mdv2009.1.x86_64.rpm d1237cf0a5e16b5b9e59fc9c0cb55109 2009.1/x86_64/apache-mod_cache-2.2.11-10.10mdv2009.1.x86_64.rpm 7cc14cdb79d2675730f28c4b8ae46664 2009.1/x86_64/apache-mod_dav-2.2.11-10.10mdv2009.1.x86_64.rpm db7421a8cabd21a128cefddfc29aaff6 2009.1/x86_64/apache-mod_dbd-2.2.11-10.10mdv2009.1.x86_64.rpm 3bd006d2f3610f2cc8c6cd26cd9d8bc6 2009.1/x86_64/apache-mod_deflate-2.2.11-10.10mdv2009.1.x86_64.rpm 1f32a2e5e45ab93247a3985a3c350175 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.10mdv2009.1.x86_64.rpm e2b3e4272944dda0ff28da011b35d8c1 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.10mdv2009.1.x86_64.rpm f3d39731f291f4a4291849da20390610 2009.1/x86_64/apache-mod_ldap-2.2.11-10.10mdv2009.1.x86_64.rpm a439ba3cbc490e1dd7a76f3f8c7f56b5 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.10mdv2009.1.x86_64.rpm 71f0be1913da09692d0b8fd33a7da9f5 2009.1/x86_64/apache-mod_proxy-2.2.11-10.10mdv2009.1.x86_64.rpm f40caa33abd21ecb44334bd55ae8a7b7 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.10mdv2009.1.x86_64.rpm 4dfb70c0c3a54a656b418b01f480b36c 2009.1/x86_64/apache-mod_ssl-2.2.11-10.10mdv2009.1.x86_64.rpm a30c6a87cf0d89feb3cb28051d05e233 2009.1/x86_64/apache-modules-2.2.11-10.10mdv2009.1.x86_64.rpm 5a7d0c3c2c141162f14f7f1e22d87610 2009.1/x86_64/apache-mod_userdir-2.2.11-10.10mdv2009.1.x86_64.rpm a422a257fb958dbd142393a95909e59c 2009.1/x86_64/apache-mpm-event-2.2.11-10.10mdv2009.1.x86_64.rpm 7595de4a8ee906bff6aabd80f2c98353 2009.1/x86_64/apache-mpm-itk-2.2.11-10.10mdv2009.1.x86_64.rpm 8d23806b472a51e74994362a1dd21a80 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.10mdv2009.1.x86_64.rpm d9a7d26c895f5bfa98cb757ca4c56c29 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.10mdv2009.1.x86_64.rpm 54ab15addb1371d5efe612cf0a298268 2009.1/x86_64/apache-mpm-worker-2.2.11-10.10mdv2009.1.x86_64.rpm b7354e59c5f2f11b669b44ae1492b2fc 2009.1/x86_64/apache-source-2.2.11-10.10mdv2009.1.x86_64.rpm 3ae26760bb88faf07e2d3f23a8ad702e 2009.1/SRPMS/apache-2.2.11-10.10mdv2009.1.src.rpm Mandriva Linux 2010.0: 4a6b15a74ecf71f8ce6cfcb9acd53c02 2010.0/i586/apache-base-2.2.14-1.5mdv2010.0.i586.rpm 42c21ee835dce3b4b393692c4789b725 2010.0/i586/apache-devel-2.2.14-1.5mdv2010.0.i586.rpm 9cbc878de19a7a7734767f31801734b9 2010.0/i586/apache-htcacheclean-2.2.14-1.5mdv2010.0.i586.rpm c64d9828f49d631aac84d9e77d55b75e 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.5mdv2010.0.i586.rpm 5ea4a68122fc7d4a67b50a71fcd24d66 2010.0/i586/apache-mod_cache-2.2.14-1.5mdv2010.0.i586.rpm daefdaefc755ba3f860e6cc0ce86b5b0 2010.0/i586/apache-mod_dav-2.2.14-1.5mdv2010.0.i586.rpm a2f69656e519f7b5cd7cc416a5df56c1 2010.0/i586/apache-mod_dbd-2.2.14-1.5mdv2010.0.i586.rpm bb3b5843edd4bda61eb42832b22c3c1f 2010.0/i586/apache-mod_deflate-2.2.14-1.5mdv2010.0.i586.rpm 8094be6c71416cb705fc0d665f6ff69f 2010.0/i586/apache-mod_disk_cache-2.2.14-1.5mdv2010.0.i586.rpm d2c4ac50a83a1a6bc1482a2c5f3f80c6 2010.0/i586/apache-mod_file_cache-2.2.14-1.5mdv2010.0.i586.rpm d47b635a8c017bb3136aa3964047e316 2010.0/i586/apache-mod_ldap-2.2.14-1.5mdv2010.0.i586.rpm 0e73b2a273ab891ddf37acf55825c7b3 2010.0/i586/apache-mod_mem_cache-2.2.14-1.5mdv2010.0.i586.rpm e521df25d9e94a05207d3de47840680d 2010.0/i586/apache-mod_proxy-2.2.14-1.5mdv2010.0.i586.rpm 65922d3276b06d2771ce75f67877b962 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.5mdv2010.0.i586.rpm b613e8dc796c0dbc5753aba6f86a779e 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.5mdv2010.0.i586.rpm 032eeba7e05d24b50fa4118c5116cbea 2010.0/i586/apache-mod_ssl-2.2.14-1.5mdv2010.0.i586.rpm e65d45117c978ac60cdcb32bbf5f345b 2010.0/i586/apache-modules-2.2.14-1.5mdv2010.0.i586.rpm 5b5b4a9a7b9e2f89c15f337b6ee96f20 2010.0/i586/apache-mod_userdir-2.2.14-1.5mdv2010.0.i586.rpm 450d10228a6748992c2071b1078679b3 2010.0/i586/apache-mpm-event-2.2.14-1.5mdv2010.0.i586.rpm 5752776f9e331c3fd6c939bf630c0846 2010.0/i586/apache-mpm-itk-2.2.14-1.5mdv2010.0.i586.rpm 8bc7831cabf5ff2d18560cc62680bab7 2010.0/i586/apache-mpm-peruser-2.2.14-1.5mdv2010.0.i586.rpm 40af5f4718daee77419e3fe7822ab6b9 2010.0/i586/apache-mpm-prefork-2.2.14-1.5mdv2010.0.i586.rpm e006560fcd253ae7464ddf6d0dfca21e 2010.0/i586/apache-mpm-worker-2.2.14-1.5mdv2010.0.i586.rpm ae6ca11f2b442159b8778dcf3ae69d98 2010.0/i586/apache-source-2.2.14-1.5mdv2010.0.i586.rpm 5119b9d8096e2e421e06879932b4c247 2010.0/SRPMS/apache-2.2.14-1.5mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 41e071cecc40e0a6318c774ac94dc430 2010.0/x86_64/apache-base-2.2.14-1.5mdv2010.0.x86_64.rpm eab3ff643cd7086ecf03841840f47b2b 2010.0/x86_64/apache-devel-2.2.14-1.5mdv2010.0.x86_64.rpm 61d145423f92bc0ffbca5e7773c91421 2010.0/x86_64/apache-htcacheclean-2.2.14-1.5mdv2010.0.x86_64.rpm c77512a7dfe7e694b3c9d7af203c897e 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.5mdv2010.0.x86_64.rpm 6c24fa5660b2e44ecc49c0f9249d4ffa 2010.0/x86_64/apache-mod_cache-2.2.14-1.5mdv2010.0.x86_64.rpm 1dca27df1d4943a60c587123c10a701c 2010.0/x86_64/apache-mod_dav-2.2.14-1.5mdv2010.0.x86_64.rpm 58adc8e0a16b9eb1e28a945800ec2bde 2010.0/x86_64/apache-mod_dbd-2.2.14-1.5mdv2010.0.x86_64.rpm fb8b638e6209b222e9571d027a193aa4 2010.0/x86_64/apache-mod_deflate-2.2.14-1.5mdv2010.0.x86_64.rpm 59510a5e731fc66bb8190ec767dc10db 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.5mdv2010.0.x86_64.rpm 29347ec13ebfa486bc4890b883e01ad7 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.5mdv2010.0.x86_64.rpm dfa08e0e2977d37b47cba99f56913ef2 2010.0/x86_64/apache-mod_ldap-2.2.14-1.5mdv2010.0.x86_64.rpm f693ee3a83823d631dd87a3cafd8a6ef 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.5mdv2010.0.x86_64.rpm 7721c2cbf5e43b7a234910810bec4519 2010.0/x86_64/apache-mod_proxy-2.2.14-1.5mdv2010.0.x86_64.rpm 00f3631e6de8a256c290d3966a4c7057 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.5mdv2010.0.x86_64.rpm aac0380502f3f44d0a30f7e43f211a72 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.5mdv2010.0.x86_64.rpm 1cb5133f3e78328abdd936221d9144df 2010.0/x86_64/apache-mod_ssl-2.2.14-1.5mdv2010.0.x86_64.rpm 0214a53c1c40a28eba373ab970af393d 2010.0/x86_64/apache-modules-2.2.14-1.5mdv2010.0.x86_64.rpm 4ea375cc538cb8721770a322425ef435 2010.0/x86_64/apache-mod_userdir-2.2.14-1.5mdv2010.0.x86_64.rpm f30b6d4d5bc6aeafef878a7882af8a42 2010.0/x86_64/apache-mpm-event-2.2.14-1.5mdv2010.0.x86_64.rpm 6655132e7e9fee08d356e0fdc05b9eaa 2010.0/x86_64/apache-mpm-itk-2.2.14-1.5mdv2010.0.x86_64.rpm 7c69b3713008f0e5b390bfb23d3316ac 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.5mdv2010.0.x86_64.rpm 68112f2b1bd9a531568ee047460b708f 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.5mdv2010.0.x86_64.rpm 4124d166bee84a0c3c0fd1396cc3970e 2010.0/x86_64/apache-mpm-worker-2.2.14-1.5mdv2010.0.x86_64.rpm f96b9c51cd923177a8d9f6c1fabddd92 2010.0/x86_64/apache-source-2.2.14-1.5mdv2010.0.x86_64.rpm 5119b9d8096e2e421e06879932b4c247 2010.0/SRPMS/apache-2.2.14-1.5mdv2010.0.src.rpm Mandriva Linux 2010.1: caf5da35cbd6ab037e849996dd84bbaf 2010.1/i586/apache-base-2.2.15-3.1mdv2010.1.i586.rpm 646cad2b1eefa8236392041038b8e1ca 2010.1/i586/apache-devel-2.2.15-3.1mdv2010.1.i586.rpm 795478d94b0623a6603e01535ac81cf3 2010.1/i586/apache-htcacheclean-2.2.15-3.1mdv2010.1.i586.rpm 7e5c8901a69c9a4c149ef3a97334b912 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.1mdv2010.1.i586.rpm ce039cfac61295bc8582dd40f1b754ff 2010.1/i586/apache-mod_cache-2.2.15-3.1mdv2010.1.i586.rpm d2b7e8f30b2b7db77dede2c183891980 2010.1/i586/apache-mod_dav-2.2.15-3.1mdv2010.1.i586.rpm 598fb473552bb95b482d69fd12697970 2010.1/i586/apache-mod_dbd-2.2.15-3.1mdv2010.1.i586.rpm fb38e92846184dbe5e6c093832457709 2010.1/i586/apache-mod_deflate-2.2.15-3.1mdv2010.1.i586.rpm 55e8e36bb79b1670c87745bf9e9a79ff 2010.1/i586/apache-mod_disk_cache-2.2.15-3.1mdv2010.1.i586.rpm 7fcd6eaf9c80c09d252a03c3ad7b88c8 2010.1/i586/apache-mod_file_cache-2.2.15-3.1mdv2010.1.i586.rpm 7b97a103fbebcc14db232643e6abd003 2010.1/i586/apache-mod_ldap-2.2.15-3.1mdv2010.1.i586.rpm f998d39b152038bd617e92f40f8bfc22 2010.1/i586/apache-mod_mem_cache-2.2.15-3.1mdv2010.1.i586.rpm be5e3357abf707c0002fddaebc4c2345 2010.1/i586/apache-mod_proxy-2.2.15-3.1mdv2010.1.i586.rpm 3347e425568086756ac8494a61072484 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.1mdv2010.1.i586.rpm b2b5897d2c74b14df3dff1ab678a807f 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.1mdv2010.1.i586.rpm feca8c4579d7e9b709b552e52d82c31b 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.1mdv2010.1.i586.rpm 197573516b2dd4b2fa4732e8ccd3312b 2010.1/i586/apache-mod_ssl-2.2.15-3.1mdv2010.1.i586.rpm 69a5700ef8b7e78b5f8d5bda2f7e19b8 2010.1/i586/apache-modules-2.2.15-3.1mdv2010.1.i586.rpm 4d5fb155f37ba883c6ebfab106d72259 2010.1/i586/apache-mod_userdir-2.2.15-3.1mdv2010.1.i586.rpm 79daa6e2928e5f98fe34ed04194d7609 2010.1/i586/apache-mpm-event-2.2.15-3.1mdv2010.1.i586.rpm 7f1d8518661ab5bafbe8aa36bdf9c849 2010.1/i586/apache-mpm-itk-2.2.15-3.1mdv2010.1.i586.rpm 4872dccb8b9b82f8d36b2379042f46bd 2010.1/i586/apache-mpm-peruser-2.2.15-3.1mdv2010.1.i586.rpm b108e0b234dc6ee0d5b568d9454c7130 2010.1/i586/apache-mpm-prefork-2.2.15-3.1mdv2010.1.i586.rpm ee4790aefd835fd456c40302c6c59a09 2010.1/i586/apache-mpm-worker-2.2.15-3.1mdv2010.1.i586.rpm 45e5f88e670493dc5a1cd889f88da44f 2010.1/i586/apache-source-2.2.15-3.1mdv2010.1.i586.rpm 3f43a061bf387d595407dfa14dc5673c 2010.1/SRPMS/apache-2.2.15-3.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: b819ba22c97203bca6ab0d503eb06a13 2010.1/x86_64/apache-base-2.2.15-3.1mdv2010.1.x86_64.rpm ccebb263f1b8accceabd58c55b146919 2010.1/x86_64/apache-devel-2.2.15-3.1mdv2010.1.x86_64.rpm 3b920dea2e2c6876ed811f7ab58a3bb5 2010.1/x86_64/apache-htcacheclean-2.2.15-3.1mdv2010.1.x86_64.rpm 8c9ef5ee180a1ee0d04988f67d8123d2 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.1mdv2010.1.x86_64.rpm c8a137110e651c47c8abf331e0e6a7f1 2010.1/x86_64/apache-mod_cache-2.2.15-3.1mdv2010.1.x86_64.rpm b9f81731ed94b15bf75bce8382650cd5 2010.1/x86_64/apache-mod_dav-2.2.15-3.1mdv2010.1.x86_64.rpm 60d56edcf9af3fe7384c8ea31f2592d2 2010.1/x86_64/apache-mod_dbd-2.2.15-3.1mdv2010.1.x86_64.rpm 0a522cb53f7fc2081442761b594e3bb8 2010.1/x86_64/apache-mod_deflate-2.2.15-3.1mdv2010.1.x86_64.rpm ce20afaaadcb926bb58b347294cdf78c 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.1mdv2010.1.x86_64.rpm 28f2b86f2049f2bac446ecd6f563b66a 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.1mdv2010.1.x86_64.rpm c28699c7fd4b97f5425673c9834e3c46 2010.1/x86_64/apache-mod_ldap-2.2.15-3.1mdv2010.1.x86_64.rpm a2dde0e8181163fc33adc5aadb1a7771 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.1mdv2010.1.x86_64.rpm cdc09bcbbda04c0ccdd0af646cfbe720 2010.1/x86_64/apache-mod_proxy-2.2.15-3.1mdv2010.1.x86_64.rpm 055a9cf864d4c2427d94bfa90a427c72 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.1mdv2010.1.x86_64.rpm 05656b17fe5cd958861b98d4f922787c 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.1mdv2010.1.x86_64.rpm ff77c47a517e722f9c8053ad3178d2ed 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.1mdv2010.1.x86_64.rpm 4c42fa164c7ef8a27c243b512e708ef6 2010.1/x86_64/apache-mod_ssl-2.2.15-3.1mdv2010.1.x86_64.rpm d50ca5db08d261eb1db7fe4ffc0baf43 2010.1/x86_64/apache-modules-2.2.15-3.1mdv2010.1.x86_64.rpm 67f5aca43ea08dfcd4870c898f3bcfd9 2010.1/x86_64/apache-mod_userdir-2.2.15-3.1mdv2010.1.x86_64.rpm 3778408b805e61537de5a57dea439af4 2010.1/x86_64/apache-mpm-event-2.2.15-3.1mdv2010.1.x86_64.rpm 4f710cb9926c7420b1dd98a8a8cb3547 2010.1/x86_64/apache-mpm-itk-2.2.15-3.1mdv2010.1.x86_64.rpm 1c052c41d4808add2d03861a0019fdff 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.1mdv2010.1.x86_64.rpm 94a38ed6e9c09b46651e483d687c92d8 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.1mdv2010.1.x86_64.rpm 4bdefa2fe6a9eeb472b763124d3ca761 2010.1/x86_64/apache-mpm-worker-2.2.15-3.1mdv2010.1.x86_64.rpm e54bc39182993e42a016244831763414 2010.1/x86_64/apache-source-2.2.15-3.1mdv2010.1.x86_64.rpm 3f43a061bf387d595407dfa14dc5673c 2010.1/SRPMS/apache-2.2.15-3.1mdv2010.1.src.rpm Corporate 4.0: 0404ef7ac86c12ece11c3817701718aa corporate/4.0/i586/apache-base-2.2.3-1.12.20060mlcs4.i586.rpm 3f93f65004e6605ebb049b707ebab6f6 corporate/4.0/i586/apache-devel-2.2.3-1.12.20060mlcs4.i586.rpm 4a7a5d0f6882f38b9d1bae484360c5a1 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.12.20060mlcs4.i586.rpm ab110c22397dcffb8f4e2b6d45bc5669 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.12.20060mlcs4.i586.rpm d3502aca3c909a9b5f4b20d17a5e3685 corporate/4.0/i586/apache-mod_cache-2.2.3-1.12.20060mlcs4.i586.rpm fbb7da54b8c22f54569774efa2c226b2 corporate/4.0/i586/apache-mod_dav-2.2.3-1.12.20060mlcs4.i586.rpm 0a97028c22469edbb6de9ab7c5b21b42 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.12.20060mlcs4.i586.rpm af7eab2e787b27474a30d12c8fe08267 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.12.20060mlcs4.i586.rpm e5c4a612c59c1f9f9c4002977f493e9a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.12.20060mlcs4.i586.rpm 2a03d398b7367c59d061da0944318c8d corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.12.20060mlcs4.i586.rpm 95f11057475009f8d728d8a0f8f354df corporate/4.0/i586/apache-mod_ldap-2.2.3-1.12.20060mlcs4.i586.rpm 883be9a3bbdf99b5797f95bcd86684cd corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.12.20060mlcs4.i586.rpm 8a4b6c9c2d4f38c70b1d1c57c43f8f8b corporate/4.0/i586/apache-mod_proxy-2.2.3-1.12.20060mlcs4.i586.rpm 7871523480b1ab2885d94be8de209367 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.12.20060mlcs4.i586.rpm 4e9995c8827f7fb19c4df5683cf0b880 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.12.20060mlcs4.i586.rpm 25b61feb0f905e9d77df12e8f29c6ce5 corporate/4.0/i586/apache-modules-2.2.3-1.12.20060mlcs4.i586.rpm 23cd15cf42b057b30104ff4a2e01ea7a corporate/4.0/i586/apache-mod_userdir-2.2.3-1.12.20060mlcs4.i586.rpm 6271b1bcff87ee688f201643b1aa368e corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.12.20060mlcs4.i586.rpm 215d763d6a2d31360c3f0b6ca8d8fc3d corporate/4.0/i586/apache-mpm-worker-2.2.3-1.12.20060mlcs4.i586.rpm 9225c39001d023034a5a2cc05492d63c corporate/4.0/i586/apache-source-2.2.3-1.12.20060mlcs4.i586.rpm b87a4bb7750a1eeb213b041375655db2 corporate/4.0/SRPMS/apache-2.2.3-1.12.20060mlcs4.src.rpm Corporate 4.0/X86_64: 02a11f59079d6ed93e75080446cab75c corporate/4.0/x86_64/apache-base-2.2.3-1.12.20060mlcs4.x86_64.rpm 45eb12e5894da52db5998969628317c3 corporate/4.0/x86_64/apache-devel-2.2.3-1.12.20060mlcs4.x86_64.rpm 9d0c34163b2731c26ef5e3d423aa450b corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.12.20060mlcs4.x86_64.rpm ffec999ef592adf07dbb6488342f92ff corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.12.20060mlcs4.x86_64.rpm aeeee38f4e4b188bd1f66f767ea8d70d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.12.20060mlcs4.x86_64.rpm d85b9f61e5947575a6cd21ad4621a51e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.12.20060mlcs4.x86_64.rpm 2e88fd54598a392c20e47f0ced4299d5 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.12.20060mlcs4.x86_64.rpm ed045653f645821bdfc166fea401cf97 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.12.20060mlcs4.x86_64.rpm 12f3ef51c37be66a87b172dcfb175fe4 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.12.20060mlcs4.x86_64.rpm 5a9e17b78725b510ca4bd7843de17f43 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.12.20060mlcs4.x86_64.rpm e7dfc0678cde51fdabb6ab661bcfaa9f corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.12.20060mlcs4.x86_64.rpm 0c9c544ea94c7aa89cb8daf055a58e03 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.12.20060mlcs4.x86_64.rpm 5c40b6b9a93a7edafad5637b0192bbc1 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.12.20060mlcs4.x86_64.rpm db912c24810608ce52278ad4f21079cf corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.12.20060mlcs4.x86_64.rpm aad4e7736383461e132097d8a616c6fe corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.12.20060mlcs4.x86_64.rpm 66e0cad4501ab964c6fc7c3890d3a740 corporate/4.0/x86_64/apache-modules-2.2.3-1.12.20060mlcs4.x86_64.rpm 21928801fe96c948f73d3a3cda9313ee corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.12.20060mlcs4.x86_64.rpm 6f554fe6c0b0cbbf5f5d3c5a5b59cac4 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.12.20060mlcs4.x86_64.rpm 9261c820d088b3a4f6a465597f37c48e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.12.20060mlcs4.x86_64.rpm 2429eca9599e61e7535d0749651722ad corporate/4.0/x86_64/apache-source-2.2.3-1.12.20060mlcs4.x86_64.rpm b87a4bb7750a1eeb213b041375655db2 corporate/4.0/SRPMS/apache-2.2.3-1.12.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: JBoss Enterprise Web Server 1.0.2 update Advisory ID: RHSA-2011:0896-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0896.html Issue date: 2011-06-22 CVE Names: CVE-2008-7270 CVE-2009-3245 CVE-2009-3560 CVE-2009-3720 CVE-2009-3767 CVE-2010-1157 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2010-3718 CVE-2010-4172 CVE-2010-4180 CVE-2011-0013 CVE-2011-0419 ===================================================================== 1. Summary: JBoss Enterprise Web Server 1.0.2 is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and Microsoft Windows. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications. This is the first release of JBoss Enterprise Web Server for Red Hat Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and Microsoft Windows, this release serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to the Release Notes, linked in the References, for more information. This update corrects security flaws in the following components: tomcat6: A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172) tomcat5 and tomcat6: It was found that web applications could modify the location of the Apache Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718) A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013) A possible minor information leak was found in the way Apache Tomcat generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and Tomcat was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the Tomcat server. (CVE-2010-1452) A flaw was discovered in the way the mod_proxy_http module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. In some configurations, the proxy could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. Note: This issue only affected httpd running on the Windows operating system. (CVE-2010-2068) apr: It was found that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419) apr-util: It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. (CVE-2010-1623) The following flaws were corrected in the packages for Solaris and Windows. Updates for Red Hat Enterprise Linux can be downloaded from the Red Hat Network. Multiple flaws in OpenSSL, which could possibly cause a crash, code execution, or a change of session parameters, have been corrected. (CVE-2009-3245, CVE-2010-4180, CVE-2008-7270) Two denial of service flaws were corrected in Expat. (CVE-2009-3560, CVE-2009-3720) An X.509 certificate verification flaw was corrected in OpenLDAP. (CVE-2009-3767) More information about these flaws is available from the CVE links in the References. 3. Solution: All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Web Server 1.0.2, which corrects these issues. The References section of this erratum contains a download link (you must log in to download the update). Before installing the update, backup your existing JBoss Enterprise Web Server installation (including all applications and configuration files). 4. Bugs fixed (http://bugzilla.redhat.com/): 530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name 531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences 533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences 570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks 585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers 618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments 632994 - CVE-2010-2068 httpd (mod_proxy): Sensitive response disclosure due improper handling of timeouts 640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line() 656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application 659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack 660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack 675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface 675792 - CVE-2010-3718 tomcat: file permission bypass flaw 703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch 5. References: https://www.redhat.com/security/data/cve/CVE-2008-7270.html https://www.redhat.com/security/data/cve/CVE-2009-3245.html https://www.redhat.com/security/data/cve/CVE-2009-3560.html https://www.redhat.com/security/data/cve/CVE-2009-3720.html https://www.redhat.com/security/data/cve/CVE-2009-3767.html https://www.redhat.com/security/data/cve/CVE-2010-1157.html https://www.redhat.com/security/data/cve/CVE-2010-1452.html https://www.redhat.com/security/data/cve/CVE-2010-1623.html https://www.redhat.com/security/data/cve/CVE-2010-2068.html https://www.redhat.com/security/data/cve/CVE-2010-3718.html https://www.redhat.com/security/data/cve/CVE-2010-4172.html https://www.redhat.com/security/data/cve/CVE-2010-4180.html https://www.redhat.com/security/data/cve/CVE-2011-0013.html https://www.redhat.com/security/data/cve/CVE-2011-0419.html https://access.redhat.com/security/updates/classification/#moderate http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html-single/Release_Notes_1.0.2/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=1.0.2 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOAuGhXlSAg2UNWIIRAqmMAJ4r9f3dvSqtXd7MjjpO8g90BsEongCgmhEo /GsGpZfcRmJUiJiwYZJk5fU= =KiZb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . HP System Management Homepage (SMH) before v7.0 running on Linux and Windows. RESOLUTION HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. This update fixes this bug. CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. The regression has been fixed in the following packages: For the oldstable distribution (lenny), this problem has been fixed in version 2.2.9-10+lenny11. For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze3. For the testing distribution (wheezy), this problem will be fixed in version 2.2.20-1. For the unstable distribution (sid), this problem has been fixed in version 2.2.20-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny6. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Release Date: 2010-12-07 Last Updated: 2010-12-06 ------------------------------------------------------------------------------ Potential Security Impact: Local information disclosure, increase of privilege, remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache-based Web Server. These vulnerabilities could be exploited locally to disclose information, increase privilege or remotely create a Denial of Service (DoS). References: CVE-2010-1452, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2009-0023, CVE-2007-6203, CVE-2006-3918 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to v2.0.63.01 Note: HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX Web Server Suite v.2.32 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1956 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2009-1955 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2009-1890 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1195 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2009-0023 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com Note: HP-UX Web Server Suite v.2.32 contains HP-UX Apache-based Web Server v2.0.63.01 Web Server Suite Version / Apache Depot name HP-UX Web Server Suite v.2.32 HP-UX 11i PA-RISC with IPv6 HP-UX 11i version 2 PA-RISC/IPF 64-bit HP-UX 11i version 2 PA-RISC/IPF 32-bit HP-UX 11i version 3 PA-RISC/IPF 64-bit HP-UX 11i version 3 PA-RISC/IPF 32-bit MANUAL ACTIONS: Yes - Update Install Apache-based Web Server v2.0.63.01 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX Web Server Suite v2.32 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.23 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.31 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 7 December 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. BAC v8.07 supplies Apache 2.2.17

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES