ID

VAR-201201-0038

CVE

CVE-2012-0053

TITLE

Apache HTTP Server of protocol.c In HTTPOnly Cookie Vulnerability that gets the value of

DESCRIPTION

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Apache HTTP Server is prone to an information-disclosure vulnerability. The issue occurs in the default error response for status code 400. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. The vulnerability affects Apache HTTP Server versions 2.2.0 through 2.2.21. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3607) A NULL pointer dereference flaw was found in the httpd mod_log_config module. This update also fixes the following bug: * The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03231301 Version: 1 HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-03-27 Last Updated: 2012-03-27 Potential Security Impact: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). References: CVE-2012-0053, CVE-2012-0031, CVE-2012-0021, CVE-2011-4317, CVE-2011-3607, CVE-2011-3368 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided a hotfix to resolve the vulnerabilities. The SSRT100772 hotfix is available by contacting the normal HP Services support channel. MANUAL ACTIONS: Yes - NonUpdate Install the hotfix for SSRT100772. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN,fr=B.07.50.00 action: install the hotfix for SSRT100772 END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 27 March 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The apr-util package has also been updated to the latest version. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. Version bump for httpd upgrade. patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. *) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton] *) SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames] *) SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton] *) SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. [Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz Updated packages for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz MD5 signatures: +-------------+ Slackware 12.0 packages: 3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz 86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz Slackware 12.1 packages: aab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz 1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz Slackware 12.2 packages: f30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz 18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz Slackware 13.0 packages: d3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz 0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz Slackware x86_64 13.0 packages: d15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz 1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz Slackware 13.1 packages: 9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz 49a5e4a73be2328d80cca186efe2f6f7 httpd-2.2.22-i486-1_slack13.1.txz Slackware x86_64 13.1 packages: 4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz 1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz Slackware 13.37 packages: 7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz 783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz Slackware x86_64 13.37 packages: 1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz 8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz Slackware -current packages: e709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz 97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz Slackware x86_64 -current packages: 55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz 09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz Then, restart the httpd daemon. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Hitachi Multiple Products Apache HTTP Server "httpOnly" Cookie Disclosure Vulnerability SECUNIA ADVISORY ID: SA51626 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51626/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51626 RELEASE DATE: 2012-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/51626/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51626/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51626 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged a vulnerability in multiple products, which can be exploited by malicious people to disclose potentially sensitive information. For more information see vulnerability #1 in: SA47779 Please see the vendor's advisory for a list of affected products. ORIGINAL ADVISORY: Hitachi (HS12-033): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security update Advisory ID: RHSA-2012:0323-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0323.html Issue date: 2012-02-21 CVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2012-0031 CVE-2012-0053 ===================================================================== 1. Summary: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1392) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. (CVE-2011-3639) The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607) A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm i386: httpd-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm mod_ssl-2.2.3-63.el5_8.1.i386.rpm x86_64: httpd-2.2.3-63.el5_8.1.x86_64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm mod_ssl-2.2.3-63.el5_8.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm i386: httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-manual-2.2.3-63.el5_8.1.i386.rpm x86_64: httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.x86_64.rpm httpd-manual-2.2.3-63.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm i386: httpd-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-manual-2.2.3-63.el5_8.1.i386.rpm mod_ssl-2.2.3-63.el5_8.1.i386.rpm ia64: httpd-2.2.3-63.el5_8.1.ia64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ia64.rpm httpd-devel-2.2.3-63.el5_8.1.ia64.rpm httpd-manual-2.2.3-63.el5_8.1.ia64.rpm mod_ssl-2.2.3-63.el5_8.1.ia64.rpm ppc: httpd-2.2.3-63.el5_8.1.ppc.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ppc.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ppc64.rpm httpd-devel-2.2.3-63.el5_8.1.ppc.rpm httpd-devel-2.2.3-63.el5_8.1.ppc64.rpm httpd-manual-2.2.3-63.el5_8.1.ppc.rpm mod_ssl-2.2.3-63.el5_8.1.ppc.rpm s390x: httpd-2.2.3-63.el5_8.1.s390x.rpm httpd-debuginfo-2.2.3-63.el5_8.1.s390.rpm httpd-debuginfo-2.2.3-63.el5_8.1.s390x.rpm httpd-devel-2.2.3-63.el5_8.1.s390.rpm httpd-devel-2.2.3-63.el5_8.1.s390x.rpm httpd-manual-2.2.3-63.el5_8.1.s390x.rpm mod_ssl-2.2.3-63.el5_8.1.s390x.rpm x86_64: httpd-2.2.3-63.el5_8.1.x86_64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.x86_64.rpm httpd-manual-2.2.3-63.el5_8.1.x86_64.rpm mod_ssl-2.2.3-63.el5_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2011-3639.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1392.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPRBwPXlSAg2UNWIIRAlvJAJ0TMniw4hLPlG+CAhF6cZd3RqTH3QCfVlvK 6HtbvIeYuOnRkg4sqECy22U= =UZwj -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function (CVE-2012-0031). Additionally APR and APR-UTIL has been upgraded to the latest versions 1.4.5 and 1.4.1 respectively which holds many improvments over the previous versions. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 http://httpd.apache.org/security/vulnerabilities_22.html http://www.apache.org/dist/httpd/CHANGES_2.2.22 http://www.apache.org/dist/apr/CHANGES-APR-1.4 http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.4 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 56fb4ba5b622b9603972ce3cf697f965 2010.1/i586/apache-base-2.2.22-0.1mdv2010.2.i586.rpm f5a8b8ca5a647ae031ed9ab220d0aed9 2010.1/i586/apache-conf-2.2.22-0.1mdv2010.2.i586.rpm 188a47c23fb1a981307e6ff856e105e1 2010.1/i586/apache-devel-2.2.22-0.1mdv2010.2.i586.rpm b8ac0aee0046e2ea49d1e20c06d434cb 2010.1/i586/apache-doc-2.2.22-0.1mdv2010.2.noarch.rpm 21cbaa3ddbfb8404509663e26122aae4 2010.1/i586/apache-htcacheclean-2.2.22-0.1mdv2010.2.i586.rpm 059c090d1f06b406ad1ef5a2988e4af7 2010.1/i586/apache-mod_authn_dbd-2.2.22-0.1mdv2010.2.i586.rpm 6d724071c1444d4d10bf1f7ae93458c7 2010.1/i586/apache-mod_cache-2.2.22-0.1mdv2010.2.i586.rpm 8b7e6311edd39109c0fef022525216aa 2010.1/i586/apache-mod_dav-2.2.22-0.1mdv2010.2.i586.rpm a24b8c9ad8877bbf5a89cfaddfbd13ce 2010.1/i586/apache-mod_dbd-2.2.22-0.1mdv2010.2.i586.rpm 2057cc8255abc168836d8857d971677d 2010.1/i586/apache-mod_deflate-2.2.22-0.1mdv2010.2.i586.rpm 76e225b09fc51fb027da2ea664c810ab 2010.1/i586/apache-mod_disk_cache-2.2.22-0.1mdv2010.2.i586.rpm 1b304277ed799f7fc6d9b4bac99636d1 2010.1/i586/apache-mod_file_cache-2.2.22-0.1mdv2010.2.i586.rpm c94e655651a24327238d289d44fcaff7 2010.1/i586/apache-mod_ldap-2.2.22-0.1mdv2010.2.i586.rpm 9ae6ef480be66f4028978cbbbe399087 2010.1/i586/apache-mod_mem_cache-2.2.22-0.1mdv2010.2.i586.rpm 2b54a187fe6d6138587a9473e0b3e315 2010.1/i586/apache-mod_proxy-2.2.22-0.1mdv2010.2.i586.rpm 9f5d84b537476e18fc5fbdff311014cd 2010.1/i586/apache-mod_proxy_ajp-2.2.22-0.1mdv2010.2.i586.rpm 2527f0749e10889b06323ed655eb1831 2010.1/i586/apache-mod_proxy_scgi-2.2.22-0.1mdv2010.2.i586.rpm f8f998f8b45fdd40db7e269addb99697 2010.1/i586/apache-mod_reqtimeout-2.2.22-0.1mdv2010.2.i586.rpm a63a485aae54a95d27992f1476f156c2 2010.1/i586/apache-mod_ssl-2.2.22-0.1mdv2010.2.i586.rpm 21fb7bb7c9edbf4d342a1d564aedc4da 2010.1/i586/apache-mod_suexec-2.2.22-0.1mdv2010.2.i586.rpm 075258e0ba1c55800306d3c65dadf077 2010.1/i586/apache-modules-2.2.22-0.1mdv2010.2.i586.rpm aaf72571b5573a5eab44d157063fb876 2010.1/i586/apache-mod_userdir-2.2.22-0.1mdv2010.2.i586.rpm 00b357ab023c4e2cac197b76a5b029e4 2010.1/i586/apache-mpm-event-2.2.22-0.1mdv2010.2.i586.rpm 995ff181c7fa28167cad871ace3efc8a 2010.1/i586/apache-mpm-itk-2.2.22-0.1mdv2010.2.i586.rpm ac869b3eda31437eacd790a7e98c12bf 2010.1/i586/apache-mpm-peruser-2.2.22-0.1mdv2010.2.i586.rpm 42aadf645d6aa7ad442400184024da5d 2010.1/i586/apache-mpm-prefork-2.2.22-0.1mdv2010.2.i586.rpm e48ee4f1e263630b33d91cc67b778d05 2010.1/i586/apache-mpm-worker-2.2.22-0.1mdv2010.2.i586.rpm 067694a2a8067461b030c469b3171e35 2010.1/i586/apache-source-2.2.22-0.1mdv2010.2.i586.rpm 511ec770eb3037c6de9fbafff7a6edbb 2010.1/i586/apr-util-dbd-freetds-1.4.1-0.1mdv2010.2.i586.rpm 90f16a6d6a50550907642be471b7fcea 2010.1/i586/apr-util-dbd-ldap-1.4.1-0.1mdv2010.2.i586.rpm 8fc2d6fb35866b98c0ff117e3a3a63ed 2010.1/i586/apr-util-dbd-mysql-1.4.1-0.1mdv2010.2.i586.rpm 8d3f78177261f5c85cceef0b60397710 2010.1/i586/apr-util-dbd-odbc-1.4.1-0.1mdv2010.2.i586.rpm 7f4e58ab12383a8a1d2f5d4a23dac3d9 2010.1/i586/apr-util-dbd-pgsql-1.4.1-0.1mdv2010.2.i586.rpm 5003ce64cd39eeb99309d2a3f36b73c7 2010.1/i586/apr-util-dbd-sqlite3-1.4.1-0.1mdv2010.2.i586.rpm 67fa4b82a25e219fc6f8b774c9f542bb 2010.1/i586/apr-util-dbm-db-1.4.1-0.1mdv2010.2.i586.rpm acfaa4d7c144eeba55ccdb0514554c07 2010.1/i586/apr-util-nss-1.4.1-0.1mdv2010.2.i586.rpm f441158622a8b0cf50b2676f40c9ccc1 2010.1/i586/apr-util-openssl-1.4.1-0.1mdv2010.2.i586.rpm fe0794c4c6a4c8659e9c408533e87fd9 2010.1/i586/libapr1-1.4.5-0.1mdv2010.2.i586.rpm eb5fb160c8d8547f519602fd3bac2942 2010.1/i586/libapr-devel-1.4.5-0.1mdv2010.2.i586.rpm d56f6d4fb981b313cf3ba7b470b27b1f 2010.1/i586/libapr-util1-1.4.1-0.1mdv2010.2.i586.rpm d8a89f5bfff8a02c8fd4ad0121e0ba0e 2010.1/i586/libapr-util-devel-1.4.1-0.1mdv2010.2.i586.rpm 11848d5837d5fbad6962b28061a7188e 2010.1/SRPMS/apache-2.2.22-0.1mdv2010.2.src.rpm 8b0691197f1cea700bbc8ea2322ecdc2 2010.1/SRPMS/apache-conf-2.2.22-0.1mdv2010.2.src.rpm 34506b2f07646d1133b02b0b5a0e87ce 2010.1/SRPMS/apache-mod_suexec-2.2.22-0.1mdv2010.2.src.rpm 1296d93ae700cc0d000f271ae90631cf 2010.1/SRPMS/apr-1.4.5-0.1mdv2010.2.src.rpm 1bc3d0f1beb53d76479ee2d6a0abafd1 2010.1/SRPMS/apr-util-1.4.1-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 796849afc4621679757bb933492955d6 2010.1/x86_64/apache-base-2.2.22-0.1mdv2010.2.x86_64.rpm 98c71aa8081f855edfeab12ef049ea12 2010.1/x86_64/apache-conf-2.2.22-0.1mdv2010.2.x86_64.rpm 7495ddd692f76dd1fb6d0c7af5443021 2010.1/x86_64/apache-devel-2.2.22-0.1mdv2010.2.x86_64.rpm 7d1a78a8cd122a90657d3bc533b5453c 2010.1/x86_64/apache-doc-2.2.22-0.1mdv2010.2.noarch.rpm 0d37d33eb2c693d0a594e86cb7564513 2010.1/x86_64/apache-htcacheclean-2.2.22-0.1mdv2010.2.x86_64.rpm c6644af4a3b6a3777b0e913315ed4fa0 2010.1/x86_64/apache-mod_authn_dbd-2.2.22-0.1mdv2010.2.x86_64.rpm a7398342d98e77f9b26870aeeb296083 2010.1/x86_64/apache-mod_cache-2.2.22-0.1mdv2010.2.x86_64.rpm 69ce20f7fe2558304f88953b257d6172 2010.1/x86_64/apache-mod_dav-2.2.22-0.1mdv2010.2.x86_64.rpm 151beb4179a08d9adb7b34b13d4bc70f 2010.1/x86_64/apache-mod_dbd-2.2.22-0.1mdv2010.2.x86_64.rpm 75b9143240fda7aae214c8dd6f38e25d 2010.1/x86_64/apache-mod_deflate-2.2.22-0.1mdv2010.2.x86_64.rpm 451aa35c47e79e1d568f628ac5c2ce21 2010.1/x86_64/apache-mod_disk_cache-2.2.22-0.1mdv2010.2.x86_64.rpm 2bb07736fe0def061e3b312770fb341a 2010.1/x86_64/apache-mod_file_cache-2.2.22-0.1mdv2010.2.x86_64.rpm 50ba607de01e7f3f5475ea2a6c8b3adf 2010.1/x86_64/apache-mod_ldap-2.2.22-0.1mdv2010.2.x86_64.rpm 5602023af3d1b638217e7299b238eac1 2010.1/x86_64/apache-mod_mem_cache-2.2.22-0.1mdv2010.2.x86_64.rpm a0c3082a6d0a8f33685e5a18f856f2b7 2010.1/x86_64/apache-mod_proxy-2.2.22-0.1mdv2010.2.x86_64.rpm 6f84d33f811d785668f56e2f47b66a4f 2010.1/x86_64/apache-mod_proxy_ajp-2.2.22-0.1mdv2010.2.x86_64.rpm dfdf2e995e29cccea11d5fb95bb48e02 2010.1/x86_64/apache-mod_proxy_scgi-2.2.22-0.1mdv2010.2.x86_64.rpm e27222d30d30ae20c18d877496d1cd4e 2010.1/x86_64/apache-mod_reqtimeout-2.2.22-0.1mdv2010.2.x86_64.rpm c97faa36b7211822f0146474268b0dbc 2010.1/x86_64/apache-mod_ssl-2.2.22-0.1mdv2010.2.x86_64.rpm c59c7b7a49bc73d948e4fc9fb8a3e9a5 2010.1/x86_64/apache-mod_suexec-2.2.22-0.1mdv2010.2.x86_64.rpm a2d9b9ab87df5c037f49ce677eebdbaa 2010.1/x86_64/apache-modules-2.2.22-0.1mdv2010.2.x86_64.rpm aeb9c05d580d4d3b747d67ca41cae83d 2010.1/x86_64/apache-mod_userdir-2.2.22-0.1mdv2010.2.x86_64.rpm 79abd3eb861a9f1bac3657d4c0b32b04 2010.1/x86_64/apache-mpm-event-2.2.22-0.1mdv2010.2.x86_64.rpm 7bc5c6e0ce8cfc9f552d8b2402544c7c 2010.1/x86_64/apache-mpm-itk-2.2.22-0.1mdv2010.2.x86_64.rpm 0c80a2fc89ed15ff04a7941871850f20 2010.1/x86_64/apache-mpm-peruser-2.2.22-0.1mdv2010.2.x86_64.rpm 851b8accd823b210d7f92a9061a9f971 2010.1/x86_64/apache-mpm-prefork-2.2.22-0.1mdv2010.2.x86_64.rpm 67765c9d1be70f7142fc29e1a1d7d48a 2010.1/x86_64/apache-mpm-worker-2.2.22-0.1mdv2010.2.x86_64.rpm 79767b14bd34f62b708b38efd0ba0e37 2010.1/x86_64/apache-source-2.2.22-0.1mdv2010.2.x86_64.rpm b7d0787fc2070b77744c07c570ed2127 2010.1/x86_64/apr-util-dbd-freetds-1.4.1-0.1mdv2010.2.x86_64.rpm f201517da3ea529b32ef9f0bf3e255d7 2010.1/x86_64/apr-util-dbd-ldap-1.4.1-0.1mdv2010.2.x86_64.rpm 3c1319d4b0fe19a255a7f2d81f474033 2010.1/x86_64/apr-util-dbd-mysql-1.4.1-0.1mdv2010.2.x86_64.rpm 8ddfddbe874d8b628ccb656e6ff6e8aa 2010.1/x86_64/apr-util-dbd-odbc-1.4.1-0.1mdv2010.2.x86_64.rpm 43018539c6defdcd04e0de2dd1147112 2010.1/x86_64/apr-util-dbd-pgsql-1.4.1-0.1mdv2010.2.x86_64.rpm 616697bd09e0eb3d688128984308540a 2010.1/x86_64/apr-util-dbd-sqlite3-1.4.1-0.1mdv2010.2.x86_64.rpm 4d6345aec5b686901f6350d82b2e4485 2010.1/x86_64/apr-util-dbm-db-1.4.1-0.1mdv2010.2.x86_64.rpm 1a558b7406055208c545134e5af95e55 2010.1/x86_64/apr-util-nss-1.4.1-0.1mdv2010.2.x86_64.rpm aada3398fc278beac6b167a36a81d6b0 2010.1/x86_64/apr-util-openssl-1.4.1-0.1mdv2010.2.x86_64.rpm 0eed117fada2ee7e77118994cc20e61a 2010.1/x86_64/lib64apr1-1.4.5-0.1mdv2010.2.x86_64.rpm e323edb7ea3fee9f2c57d0169f7f5cd9 2010.1/x86_64/lib64apr-devel-1.4.5-0.1mdv2010.2.x86_64.rpm 8ffa5f05f5c11b87460bb1f5202c0224 2010.1/x86_64/lib64apr-util1-1.4.1-0.1mdv2010.2.x86_64.rpm 0673a9fc2105a8684d6e47d18f10de93 2010.1/x86_64/lib64apr-util-devel-1.4.1-0.1mdv2010.2.x86_64.rpm 11848d5837d5fbad6962b28061a7188e 2010.1/SRPMS/apache-2.2.22-0.1mdv2010.2.src.rpm 8b0691197f1cea700bbc8ea2322ecdc2 2010.1/SRPMS/apache-conf-2.2.22-0.1mdv2010.2.src.rpm 34506b2f07646d1133b02b0b5a0e87ce 2010.1/SRPMS/apache-mod_suexec-2.2.22-0.1mdv2010.2.src.rpm 1296d93ae700cc0d000f271ae90631cf 2010.1/SRPMS/apr-1.4.5-0.1mdv2010.2.src.rpm 1bc3d0f1beb53d76479ee2d6a0abafd1 2010.1/SRPMS/apr-util-1.4.1-0.1mdv2010.2.src.rpm Mandriva Linux 2011: f1bb32ce70f76c8c133ee64248285d97 2011/i586/apache-base-2.2.22-0.1-mdv2011.0.i586.rpm bd254765319e62463916c63c5d1abdac 2011/i586/apache-conf-2.2.22-0.1-mdv2011.0.i586.rpm d98f97f6daba8b36deebae1ad70d9446 2011/i586/apache-devel-2.2.22-0.1-mdv2011.0.i586.rpm 5b7a5f9bda278c09a5bb2c3def93a80a 2011/i586/apache-doc-2.2.22-0.1-mdv2011.0.noarch.rpm 24ce29d16f9731011360f331d301d96a 2011/i586/apache-htcacheclean-2.2.22-0.1-mdv2011.0.i586.rpm 409307abbb0fa479c7fe2bc0664ab416 2011/i586/apache-mod_authn_dbd-2.2.22-0.1-mdv2011.0.i586.rpm 1b86d35acbd5eb767586f3b179c90816 2011/i586/apache-mod_cache-2.2.22-0.1-mdv2011.0.i586.rpm 125d64168f0e5643873ae50940e2d05b 2011/i586/apache-mod_dav-2.2.22-0.1-mdv2011.0.i586.rpm bf90713d4f6dfd23976928545bec3cb8 2011/i586/apache-mod_dbd-2.2.22-0.1-mdv2011.0.i586.rpm 9adf2d5ef8130d96935521b62cd52890 2011/i586/apache-mod_deflate-2.2.22-0.1-mdv2011.0.i586.rpm f705480602fd012c6f95fd060752aa1f 2011/i586/apache-mod_disk_cache-2.2.22-0.1-mdv2011.0.i586.rpm 4efad7e7893abcf082ee65b1e147b791 2011/i586/apache-mod_file_cache-2.2.22-0.1-mdv2011.0.i586.rpm 5f774d4572c70a3acd2de48f7cab5453 2011/i586/apache-mod_ldap-2.2.22-0.1-mdv2011.0.i586.rpm 1b23ccb6f0d0fe56b6506edc60eaa7c4 2011/i586/apache-mod_mem_cache-2.2.22-0.1-mdv2011.0.i586.rpm a25ef2471fff4e83bcc886e49150a733 2011/i586/apache-mod_proxy-2.2.22-0.1-mdv2011.0.i586.rpm 39e28aaa72e989e1a0585a452a50e243 2011/i586/apache-mod_proxy_ajp-2.2.22-0.1-mdv2011.0.i586.rpm b23c64361100c0d859db912113d4c9c1 2011/i586/apache-mod_proxy_scgi-2.2.22-0.1-mdv2011.0.i586.rpm 52a519f635fd2e37c64d024b3011d6d4 2011/i586/apache-mod_reqtimeout-2.2.22-0.1-mdv2011.0.i586.rpm 2fadfbfb75910cd25f6cee9c55f596d8 2011/i586/apache-mod_ssl-2.2.22-0.1-mdv2011.0.i586.rpm b487518e4d440a5e3529094df57ef623 2011/i586/apache-mod_suexec-2.2.22-0.1-mdv2011.0.i586.rpm e1f5d3062a09de8f2ed7f054ca78d1a1 2011/i586/apache-modules-2.2.22-0.1-mdv2011.0.i586.rpm fbb5e1cb45bae32638b47f4903a4fc42 2011/i586/apache-mod_userdir-2.2.22-0.1-mdv2011.0.i586.rpm 9603e978f5842d4589b0a8b564715888 2011/i586/apache-mpm-event-2.2.22-0.1-mdv2011.0.i586.rpm 16a128cf20932fdc1b1566a696a1ddcd 2011/i586/apache-mpm-itk-2.2.22-0.1-mdv2011.0.i586.rpm 0ba5d03ffe95cb2b52e03e9890d8d439 2011/i586/apache-mpm-peruser-2.2.22-0.1-mdv2011.0.i586.rpm a6ee846fe89221b3fb94cf08beb4f896 2011/i586/apache-mpm-prefork-2.2.22-0.1-mdv2011.0.i586.rpm 5e8fa57add6530602f9bbb388476aefe 2011/i586/apache-mpm-worker-2.2.22-0.1-mdv2011.0.i586.rpm f6cad6a647fccf8aeb183aeb5fc13885 2011/i586/apache-source-2.2.22-0.1-mdv2011.0.i586.rpm 6a98e4b3a0faf413a2d99fda92440458 2011/i586/apr-util-dbd-freetds-1.4.1-0.1-mdv2011.0.i586.rpm ee2475e7b0d72597de9667f9585f4a90 2011/i586/apr-util-dbd-ldap-1.4.1-0.1-mdv2011.0.i586.rpm 5a47a0190b8c7bc6b786d0a523bc98f9 2011/i586/apr-util-dbd-mysql-1.4.1-0.1-mdv2011.0.i586.rpm 7582dc90ee9b19eb7b280e5a419cd0e8 2011/i586/apr-util-dbd-odbc-1.4.1-0.1-mdv2011.0.i586.rpm 5358473ba718ee72b0e83ddc8de2b973 2011/i586/apr-util-dbd-pgsql-1.4.1-0.1-mdv2011.0.i586.rpm 283f4024d290d0a5d5d77e8836dcf2dc 2011/i586/apr-util-dbd-sqlite3-1.4.1-0.1-mdv2011.0.i586.rpm 27367e07c32a8c49eda4efec1963fd83 2011/i586/apr-util-dbm-db-1.4.1-0.1-mdv2011.0.i586.rpm 4b76496e9e529c55e182524a63f118f6 2011/i586/apr-util-nss-1.4.1-0.1-mdv2011.0.i586.rpm 3a711fe28146bbde3876d461398c04eb 2011/i586/apr-util-openssl-1.4.1-0.1-mdv2011.0.i586.rpm f962fcfe66bd9855464828ee45d6086a 2011/i586/libapr-util1-1.4.1-0.1-mdv2011.0.i586.rpm 0345295730b8cc89dc27c49cca2a3e20 2011/i586/libapr-util-devel-1.4.1-0.1-mdv2011.0.i586.rpm 64c2025376d485278d35787126297b16 2011/SRPMS/apache-2.2.22-0.1.src.rpm 1bec03b42630c1ebe51507da960178d7 2011/SRPMS/apache-conf-2.2.22-0.1.src.rpm 43c8390506b2dd80c17165b6f2fdd342 2011/SRPMS/apache-mod_suexec-2.2.22-0.1.src.rpm 0bf1ebb85fc04d62ca8a0ee78e789a9d 2011/SRPMS/apr-util-1.4.1-0.1.src.rpm Mandriva Linux 2011/X86_64: 288a117bb0a2a0ee70bba52b09965bdc 2011/x86_64/apache-base-2.2.22-0.1-mdv2011.0.x86_64.rpm 820c1e25d595ac09a00c82c37aafc54f 2011/x86_64/apache-conf-2.2.22-0.1-mdv2011.0.x86_64.rpm 34379127564d44174d6a62ef3730bbff 2011/x86_64/apache-devel-2.2.22-0.1-mdv2011.0.x86_64.rpm 8732fb52a40dc52706e7d33855d73e86 2011/x86_64/apache-doc-2.2.22-0.1-mdv2011.0.noarch.rpm 8270d5f5e742c9a9f010fca50d1d0fd7 2011/x86_64/apache-htcacheclean-2.2.22-0.1-mdv2011.0.x86_64.rpm 33f0de7a19c6053a59fb1057d5f2cd39 2011/x86_64/apache-mod_authn_dbd-2.2.22-0.1-mdv2011.0.x86_64.rpm b6a08d22622085fdf8b1caf6e515605e 2011/x86_64/apache-mod_cache-2.2.22-0.1-mdv2011.0.x86_64.rpm 34ae99330a07e7177adb569d4c9f6d7b 2011/x86_64/apache-mod_dav-2.2.22-0.1-mdv2011.0.x86_64.rpm 73100f2054ade73f4b03339a990208c1 2011/x86_64/apache-mod_dbd-2.2.22-0.1-mdv2011.0.x86_64.rpm 9f3eeee833a0b010fe60a318ae8c9175 2011/x86_64/apache-mod_deflate-2.2.22-0.1-mdv2011.0.x86_64.rpm 2b0b1b517169fcdc86aa6900e003f639 2011/x86_64/apache-mod_disk_cache-2.2.22-0.1-mdv2011.0.x86_64.rpm 7971158bee86308a757359e09f510cf3 2011/x86_64/apache-mod_file_cache-2.2.22-0.1-mdv2011.0.x86_64.rpm 7a8771c2428642aa721f4ba2595c1eb8 2011/x86_64/apache-mod_ldap-2.2.22-0.1-mdv2011.0.x86_64.rpm c95e8903306c6cb244e3131475fce4ad 2011/x86_64/apache-mod_mem_cache-2.2.22-0.1-mdv2011.0.x86_64.rpm 570ff003d002bc46d876ae0e17c158f9 2011/x86_64/apache-mod_proxy-2.2.22-0.1-mdv2011.0.x86_64.rpm ba435d7104679cd0a778a412ee0d0103 2011/x86_64/apache-mod_proxy_ajp-2.2.22-0.1-mdv2011.0.x86_64.rpm 2cdfef9ec7290e9c21cc8e168c37017f 2011/x86_64/apache-mod_proxy_scgi-2.2.22-0.1-mdv2011.0.x86_64.rpm 46d125a529029252bf2f464a18af2c76 2011/x86_64/apache-mod_reqtimeout-2.2.22-0.1-mdv2011.0.x86_64.rpm 0460a86fcf5664da452e6edee176f6a3 2011/x86_64/apache-mod_ssl-2.2.22-0.1-mdv2011.0.x86_64.rpm a18d004e065a9f6396a4fdb9ccdfecf1 2011/x86_64/apache-mod_suexec-2.2.22-0.1-mdv2011.0.x86_64.rpm 2b10178187ae57cb1c7b94f9e983288b 2011/x86_64/apache-modules-2.2.22-0.1-mdv2011.0.x86_64.rpm e8e4dbe9de83f2763e8c4e29246b76f4 2011/x86_64/apache-mod_userdir-2.2.22-0.1-mdv2011.0.x86_64.rpm 7faddb3b7036cf91d17a912cfe81da6e 2011/x86_64/apache-mpm-event-2.2.22-0.1-mdv2011.0.x86_64.rpm fd0892f2e98290839470ed962ce1a082 2011/x86_64/apache-mpm-itk-2.2.22-0.1-mdv2011.0.x86_64.rpm 96e27c56b1157047037529614b4f65c4 2011/x86_64/apache-mpm-peruser-2.2.22-0.1-mdv2011.0.x86_64.rpm e1e40cb337baec1308b6d84265436611 2011/x86_64/apache-mpm-prefork-2.2.22-0.1-mdv2011.0.x86_64.rpm ac367ca13f7bfe8a8e113645882bf49d 2011/x86_64/apache-mpm-worker-2.2.22-0.1-mdv2011.0.x86_64.rpm 506704bbd9fe1b8fe8eb1f951783bd15 2011/x86_64/apache-source-2.2.22-0.1-mdv2011.0.x86_64.rpm aed3b23f71ca246d1c2bea1cfbc066d3 2011/x86_64/apr-util-dbd-freetds-1.4.1-0.1-mdv2011.0.x86_64.rpm aa20bfe8aae919bb576e1bc658e5cb03 2011/x86_64/apr-util-dbd-ldap-1.4.1-0.1-mdv2011.0.x86_64.rpm 3a1ee88a118fe3c24558f5efdc321cd3 2011/x86_64/apr-util-dbd-mysql-1.4.1-0.1-mdv2011.0.x86_64.rpm 78c1c9b3ce0a83e68b96c1a24a9cddfa 2011/x86_64/apr-util-dbd-odbc-1.4.1-0.1-mdv2011.0.x86_64.rpm c2892d0587580b62ac6a26e681a9e238 2011/x86_64/apr-util-dbd-pgsql-1.4.1-0.1-mdv2011.0.x86_64.rpm aaf4a6aec4cee8032b60a165c1d10471 2011/x86_64/apr-util-dbd-sqlite3-1.4.1-0.1-mdv2011.0.x86_64.rpm b6cdd3f50f5279105eaf75d511a89707 2011/x86_64/apr-util-dbm-db-1.4.1-0.1-mdv2011.0.x86_64.rpm f08cd2bfc7c1cb948275e425ddec751f 2011/x86_64/apr-util-nss-1.4.1-0.1-mdv2011.0.x86_64.rpm 63eb5ff5faeadd882808cfaae7fceefa 2011/x86_64/apr-util-openssl-1.4.1-0.1-mdv2011.0.x86_64.rpm cb1b58232d8ce96aa2744eaf458442aa 2011/x86_64/lib64apr-util1-1.4.1-0.1-mdv2011.0.x86_64.rpm eb68d273aa7f80c343451e7fbe732e1d 2011/x86_64/lib64apr-util-devel-1.4.1-0.1-mdv2011.0.x86_64.rpm 64c2025376d485278d35787126297b16 2011/SRPMS/apache-2.2.22-0.1.src.rpm 1bec03b42630c1ebe51507da960178d7 2011/SRPMS/apache-conf-2.2.22-0.1.src.rpm 43c8390506b2dd80c17165b6f2fdd342 2011/SRPMS/apache-mod_suexec-2.2.22-0.1.src.rpm 0bf1ebb85fc04d62ca8a0ee78e789a9d 2011/SRPMS/apr-util-1.4.1-0.1.src.rpm Mandriva Enterprise Server 5: 0c4dfb80ed556ac1063dd380cfddc9c9 mes5/i586/apache-base-2.2.22-0.1mdvmes5.2.i586.rpm d4f72d4dd298c65700a334182fa4a2fb mes5/i586/apache-conf-2.2.22-0.1mdvmes5.2.i586.rpm 65f8da62e30b823e7721be6cacf11cc8 mes5/i586/apache-devel-2.2.22-0.1mdvmes5.2.i586.rpm d575144dcd98a24fb1f7f8795bae1c7e mes5/i586/apache-doc-2.2.22-0.1mdvmes5.2.i586.rpm ac94ec541786cfdd4f71cb2b21272210 mes5/i586/apache-htcacheclean-2.2.22-0.1mdvmes5.2.i586.rpm b04ac3899cc69f25533b9bacda052e03 mes5/i586/apache-mod_authn_dbd-2.2.22-0.1mdvmes5.2.i586.rpm 1b37a28786f1a9f5d21fbdde0aaa0ee0 mes5/i586/apache-mod_cache-2.2.22-0.1mdvmes5.2.i586.rpm 217a46e8e3353c6fc5ccb765685fe58a mes5/i586/apache-mod_dav-2.2.22-0.1mdvmes5.2.i586.rpm 93e9e17a7b3bb963b45bf94631e99dfb mes5/i586/apache-mod_dbd-2.2.22-0.1mdvmes5.2.i586.rpm 152c767fbb6a94e4c62d1e9ab2c9017a mes5/i586/apache-mod_deflate-2.2.22-0.1mdvmes5.2.i586.rpm 5d47797281bc62819d7cce4b5eeaa46f mes5/i586/apache-mod_disk_cache-2.2.22-0.1mdvmes5.2.i586.rpm 284ce81683908084165d8c11e6aea079 mes5/i586/apache-mod_file_cache-2.2.22-0.1mdvmes5.2.i586.rpm 6b8cdab1a406a3347f7b7b4773b4a086 mes5/i586/apache-mod_ldap-2.2.22-0.1mdvmes5.2.i586.rpm df0f2aa1c28739e45dface0f7b0f244e mes5/i586/apache-mod_mem_cache-2.2.22-0.1mdvmes5.2.i586.rpm f8e95a5fbbaa08dd9f8cc1d13897475b mes5/i586/apache-mod_proxy-2.2.22-0.1mdvmes5.2.i586.rpm 203d05f856247b52c243c383951c9d58 mes5/i586/apache-mod_proxy_ajp-2.2.22-0.1mdvmes5.2.i586.rpm 7b7475977845494bc032731e30e21e5c mes5/i586/apache-mod_proxy_scgi-2.2.22-0.1mdvmes5.2.i586.rpm adf72d8e77e7ab776d8e613392da39f6 mes5/i586/apache-mod_reqtimeout-2.2.22-0.1mdvmes5.2.i586.rpm cf35f4184eb71fe92a9d6b3580f3dd01 mes5/i586/apache-mod_ssl-2.2.22-0.1mdvmes5.2.i586.rpm 97e35e24522613aea29311721a8f7ce0 mes5/i586/apache-mod_suexec-2.2.22-0.1mdvmes5.2.i586.rpm 272ed5397006fd19275d4a729c503b90 mes5/i586/apache-modules-2.2.22-0.1mdvmes5.2.i586.rpm 9e2f6cc6547491161ab5928a383338f8 mes5/i586/apache-mod_userdir-2.2.22-0.1mdvmes5.2.i586.rpm 2466aae2d7b85bf00cd21128ddfdda9e mes5/i586/apache-mpm-event-2.2.22-0.1mdvmes5.2.i586.rpm f90acc33826952847be6d391c25142b3 mes5/i586/apache-mpm-itk-2.2.22-0.1mdvmes5.2.i586.rpm 6e6fb79880c2d0af63de719c2a3646d7 mes5/i586/apache-mpm-peruser-2.2.22-0.1mdvmes5.2.i586.rpm 722d1ac40379890f1f8ea964cff09b22 mes5/i586/apache-mpm-prefork-2.2.22-0.1mdvmes5.2.i586.rpm eac9b864d1a8c24658e8c3fb9e3a6534 mes5/i586/apache-mpm-worker-2.2.22-0.1mdvmes5.2.i586.rpm e1815f3436721d9ccc1b8586c39bed48 mes5/i586/apache-source-2.2.22-0.1mdvmes5.2.i586.rpm e157704dfb7395faf4c9773d8a769bf9 mes5/i586/apr-util-dbd-freetds-1.4.1-0.1mdvmes5.2.i586.rpm baa035ba115f4cecedc3b90cdc71ad04 mes5/i586/apr-util-dbd-ldap-1.4.1-0.1mdvmes5.2.i586.rpm 9f91cab8719d807820a37bf1f3737c36 mes5/i586/apr-util-dbd-mysql-1.4.1-0.1mdvmes5.2.i586.rpm 99008127277e5015efbb69c84b54b76f mes5/i586/apr-util-dbd-odbc-1.4.1-0.1mdvmes5.2.i586.rpm 81922659072b0f42279bbd695c569e00 mes5/i586/apr-util-dbd-pgsql-1.4.1-0.1mdvmes5.2.i586.rpm cceb0cde700d6ed1a299e7241f259c19 mes5/i586/apr-util-dbd-sqlite3-1.4.1-0.1mdvmes5.2.i586.rpm 23dbd932078a39ab0fcc5e55830a4a8a mes5/i586/apr-util-dbm-db-1.4.1-0.1mdvmes5.2.i586.rpm 4b6d926d60031cbd5dcdc8e3e84e4cb6 mes5/i586/apr-util-nss-1.4.1-0.1mdvmes5.2.i586.rpm 43dadea0443f32dc0966b9c09cadd297 mes5/i586/apr-util-openssl-1.4.1-0.1mdvmes5.2.i586.rpm fe199de9c3dc8dd7a1323a0f08b4f508 mes5/i586/libapr1-1.4.5-0.1mdvmes5.2.i586.rpm 882bd468fce086efff784482df3a8de6 mes5/i586/libapr-devel-1.4.5-0.1mdvmes5.2.i586.rpm 2bacede2a7838415a960382fe70751b0 mes5/i586/libapr-util1-1.4.1-0.1mdvmes5.2.i586.rpm 07169dc8c2a4a6f01d021761b38e8ea9 mes5/i586/libapr-util-devel-1.4.1-0.1mdvmes5.2.i586.rpm cce5b0b3b7e15779d239a836aab30898 mes5/SRPMS/apache-2.2.22-0.1mdvmes5.2.src.rpm 298bc647e0641ae7b71994c6b3b81062 mes5/SRPMS/apache-conf-2.2.22-0.1mdvmes5.2.src.rpm 8a9ce7c2d212ca88265d58f87db3f25b mes5/SRPMS/apache-mod_suexec-2.2.22-0.1mdvmes5.2.src.rpm 196bf16ed50a322ca5280b33c9fe6e57 mes5/SRPMS/apr-1.4.5-0.1mdvmes5.2.src.rpm e7a36ae2cf9f2ef47204f8c01991c2c7 mes5/SRPMS/apr-util-1.4.1-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: e439ae50888d92b179047cf0eb1af810 mes5/x86_64/apache-base-2.2.22-0.1mdvmes5.2.x86_64.rpm eaa56079e5ab03ae089ead348be20cfa mes5/x86_64/apache-conf-2.2.22-0.1mdvmes5.2.x86_64.rpm ae8e2395efd8868ccc1cc069ad90f8f9 mes5/x86_64/apache-devel-2.2.22-0.1mdvmes5.2.x86_64.rpm 7a051b32fda463d65382cb9d733c963b mes5/x86_64/apache-doc-2.2.22-0.1mdvmes5.2.x86_64.rpm 7c56f6fb236cb4fe3254e99beb4c13e4 mes5/x86_64/apache-htcacheclean-2.2.22-0.1mdvmes5.2.x86_64.rpm 23b47431fef56858287cdc0296a2f118 mes5/x86_64/apache-mod_authn_dbd-2.2.22-0.1mdvmes5.2.x86_64.rpm cc09bed05619459f4114e368d781f8bb mes5/x86_64/apache-mod_cache-2.2.22-0.1mdvmes5.2.x86_64.rpm dfa7ee773fd641298938de8e9b408404 mes5/x86_64/apache-mod_dav-2.2.22-0.1mdvmes5.2.x86_64.rpm ac769e946e94cb8efec0c8c4347f5d56 mes5/x86_64/apache-mod_dbd-2.2.22-0.1mdvmes5.2.x86_64.rpm 5e875cebdb24a2c1a8bcafc27c5dfb6d mes5/x86_64/apache-mod_deflate-2.2.22-0.1mdvmes5.2.x86_64.rpm 2a7925c6635a0094bed434f3d674f91a mes5/x86_64/apache-mod_disk_cache-2.2.22-0.1mdvmes5.2.x86_64.rpm 088c2f2ce7c5d355a8d8259875784b5b mes5/x86_64/apache-mod_file_cache-2.2.22-0.1mdvmes5.2.x86_64.rpm 054c093298a59fb251d0a1ab60b41453 mes5/x86_64/apache-mod_ldap-2.2.22-0.1mdvmes5.2.x86_64.rpm d9796c4ffeb7b0afb7a2c5ae82c9f657 mes5/x86_64/apache-mod_mem_cache-2.2.22-0.1mdvmes5.2.x86_64.rpm b7320ec2c76ed16f86bb4a66cc91a39c mes5/x86_64/apache-mod_proxy-2.2.22-0.1mdvmes5.2.x86_64.rpm ba11f817a23ded36bb37800207f67926 mes5/x86_64/apache-mod_proxy_ajp-2.2.22-0.1mdvmes5.2.x86_64.rpm 754f50de1865a9373518ce940f0796ba mes5/x86_64/apache-mod_proxy_scgi-2.2.22-0.1mdvmes5.2.x86_64.rpm e0ac87f253e32c31eca5e46808b7eca8 mes5/x86_64/apache-mod_reqtimeout-2.2.22-0.1mdvmes5.2.x86_64.rpm 2e0583164a8842495da3bc3aca1ae986 mes5/x86_64/apache-mod_ssl-2.2.22-0.1mdvmes5.2.x86_64.rpm a6cb49fb7ebb3efa23914bee649a130f mes5/x86_64/apache-mod_suexec-2.2.22-0.1mdvmes5.2.x86_64.rpm 203078e5296538b902945ed95773dbc8 mes5/x86_64/apache-modules-2.2.22-0.1mdvmes5.2.x86_64.rpm 28e523d5cf20be93489901bdde528753 mes5/x86_64/apache-mod_userdir-2.2.22-0.1mdvmes5.2.x86_64.rpm 8fc6912dab04fc8e9e6ed9ca913567e1 mes5/x86_64/apache-mpm-event-2.2.22-0.1mdvmes5.2.x86_64.rpm d8f1c11510697f1cfece8f16fe1916ea mes5/x86_64/apache-mpm-itk-2.2.22-0.1mdvmes5.2.x86_64.rpm b6df57e3edffad471867699bcff150d8 mes5/x86_64/apache-mpm-peruser-2.2.22-0.1mdvmes5.2.x86_64.rpm a600303c8eed4d583d3f55d3adb38e3a mes5/x86_64/apache-mpm-prefork-2.2.22-0.1mdvmes5.2.x86_64.rpm 8496bc1d7ba5e856bc49f8811c6ac419 mes5/x86_64/apache-mpm-worker-2.2.22-0.1mdvmes5.2.x86_64.rpm 7ec7c7393b63db8361b6cbf74226f26c mes5/x86_64/apache-source-2.2.22-0.1mdvmes5.2.x86_64.rpm 4e50011c5463339dfee0395ac28c9000 mes5/x86_64/apr-util-dbd-freetds-1.4.1-0.1mdvmes5.2.x86_64.rpm 4e521da4aa1589ce7e81832b6627a101 mes5/x86_64/apr-util-dbd-ldap-1.4.1-0.1mdvmes5.2.x86_64.rpm fed5c284c1739af45b63e6c570ded5e8 mes5/x86_64/apr-util-dbd-mysql-1.4.1-0.1mdvmes5.2.x86_64.rpm e35e100443e9aa9cc3d9b79676317661 mes5/x86_64/apr-util-dbd-odbc-1.4.1-0.1mdvmes5.2.x86_64.rpm 0490161e04cf95d1a1b4ca06ce0b2f0a mes5/x86_64/apr-util-dbd-pgsql-1.4.1-0.1mdvmes5.2.x86_64.rpm 003e00107c451e5c2da62adc3bd2971e mes5/x86_64/apr-util-dbd-sqlite3-1.4.1-0.1mdvmes5.2.x86_64.rpm 993f84d050b8b1af8530de866cd4ca8e mes5/x86_64/apr-util-dbm-db-1.4.1-0.1mdvmes5.2.x86_64.rpm 345523c3452cab759bb3b6b629141576 mes5/x86_64/apr-util-nss-1.4.1-0.1mdvmes5.2.x86_64.rpm be50803d53b0cc610e20bac95a792b5f mes5/x86_64/apr-util-openssl-1.4.1-0.1mdvmes5.2.x86_64.rpm d319161fb5d3e9268201320ad05cf551 mes5/x86_64/lib64apr1-1.4.5-0.1mdvmes5.2.x86_64.rpm 91c225bd071d58b480dcce5b7825266b mes5/x86_64/lib64apr-devel-1.4.5-0.1mdvmes5.2.x86_64.rpm f42d10be19813906ed6ccb337e2857db mes5/x86_64/lib64apr-util1-1.4.1-0.1mdvmes5.2.x86_64.rpm 6010806220723eb80ac211623b68babe mes5/x86_64/lib64apr-util-devel-1.4.1-0.1mdvmes5.2.x86_64.rpm cce5b0b3b7e15779d239a836aab30898 mes5/SRPMS/apache-2.2.22-0.1mdvmes5.2.src.rpm 298bc647e0641ae7b71994c6b3b81062 mes5/SRPMS/apache-conf-2.2.22-0.1mdvmes5.2.src.rpm 8a9ce7c2d212ca88265d58f87db3f25b mes5/SRPMS/apache-mod_suexec-2.2.22-0.1mdvmes5.2.src.rpm 196bf16ed50a322ca5280b33c9fe6e57 mes5/SRPMS/apr-1.4.5-0.1mdvmes5.2.src.rpm e7a36ae2cf9f2ef47204f8c01991c2c7 mes5/SRPMS/apr-util-1.4.1-0.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPKoIMmqjQ0CJFipgRApUPAKDybXSBuVY2HxRpnqQnFpCmVw9TjACgjD7S qoOiBUIAc3k8YDXisM5t9Gc= =3aR8 -----END PGP SIGNATURE-----

AFFECTED PRODUCTS