VARIoT IoT vulnerabilities database
| VAR-200909-0321 | CVE-2009-2797 | Apple iPhone OS of WebKit Information disclosure vulnerability in components |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability in the Safari browser.
Successful exploits may allow attackers to obtain username and password data from URI referer headers on linked sites. Information harvested may aid in launching further attacks.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue affects the following:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
RELEASE DATE:
2010-10-21
DESCRIPTION:
Ubuntu has issued an update for webkit.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages.
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the "Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
| VAR-200909-0310 | CVE-2009-2206 | Apple iPhone OS of CoreAudio Component buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. Apple iPhone and iPod touch are prone to a heap-based buffer-overflow vulnerability.
Successful exploits may allow an attacker to execute arbitrary code on a vulnerable device. Failed attacks will cause denial-of-service conditions.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue affects the following:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0. Apple iPhone is a smartphone made by Apple.
Advisory: Apple iPhone OS AudioCodecs Heap Buffer Overflow
Advisory ID: TKADV2009-007
Revision: 1.0
Release Date: 2009/09/09
Last Modified: 2009/09/09
Date Reported: 2009/04/05
Author: Tobias Klein (tk at trapkit.de)
Affected Software: iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0
Remotely Exploitable: Yes
Locally Exploitable: No
Vendor URL: http://www.apple.com/
Vendor Status: Vendor has released an updated version
CVE-ID: CVE-2009-2206
Patch development time: 158 days
======================
Vulnerability Details:
======================
The iPhone OS AudioCodecs library contains a heap buffer overflow
vulnerability while parsing maliciously crafted AAC or MP3 files.
One attack vector is iPhone ringtones with malformed sample size table
entries. It was successfully tested that iTunes uploads such malformed
ringtones to the phone.
==================
Technical Details:
==================
Vulnerable library:
/System/Library/Frameworks/AudioToolbox.framework/AudioCodecs
Vulnerable function:
ACTransformerCodec::AppendInputData()
Disassembly of the vulnerable function:
[..]
__text:3314443C LDR R3, [R5,#0xA8]
__text:33144440 LDR R2, [R5,#0xA4]
__text:33144444 ADD R3, R3, #1
__text:33144448 ADD R2, fp, R2
__text:3314444C STR R3, [R5,#0xA8]
__text:33144450 MOV R3, #0
__text:33144454 STMIA IP, {R2,R3} [1]
__text:33144458 MOV R3, #0
__text:3314445C STR R3, [IP,#8] [2]
__text:33144460 LDR R3, [SP,#0x4C+sample_size] [3]
__text:33144464 STR R3, [IP,#0xC] [4]
__text:33144468 ADD IP, IP, #0x10 [5]
[..]
[1] The values of R2 and R3 are stored into the heap buffer pointed to by
IP (R12). R2 contains user controlled data.
[2] The value of R3 gets copied into the heap buffer.
[3] R3 is filled with user controlled data from the audio file.
[4] The user controlled data of R3 gets copied into the heap buffer.
[5] The index into the heap buffer (pointed to by IP) gets incremented.
This code snippet gets executed in a loop. As there is no bounds checking
of the heap buffer pointed to by IP (R12) it is possible to cause an out of
bounds write (heap buffer overflow).
====================
Disclosure Timeline:
====================
2009/04/05 - Apple Product Security Team notified
2009/04/05 - Received an automated response message
2009/04/07 - Reply from Apple
2009/06/05 - Status update request sent to Apple
2009/06/05 - Apple confirms the vulnerability
2009/08/17 - Status update by Apple
2009/09/05 - Status update by Apple
2009/09/09 - New iPhone OS released by Apple
2009/09/09 - Release date of this security advisory
========
Credits:
========
Vulnerability found and advisory written by Tobias Klein.
===========
References:
===========
[REF1] http://support.apple.com/kb/HT3860
[REF2] http://www.trapkit.de/advisories/TKADV2009-007.txt
========
Changes:
========
Revision 0.1 - Initial draft release to the vendor
Revision 1.0 - Public release
===========
Disclaimer:
===========
The information within this advisory may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are no warranties, implied or express, with regard
to this information. In no event shall the author be liable for any
direct or indirect damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this
information is at the user's own risk.
==================
PGP Signature Key:
==================
http://www.trapkit.de/advisories/tk-advisories-signature-key.asc
Copyright 2009 Tobias Klein. All rights reserved.
----------------------------------------------------------------------
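Added example (not part of TKADV2009-007 and not Apple's code): a C model of the write loop the advisory describes, next to a bounds-checked form. The 16-byte record follows the four stores and the 0x10 pointer step in the listing; the field names, the capacity of 4, the 8192-byte size limit and the sample tables are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CAPACITY   4      /* assumed size of the output buffer, in records */
#define MAX_SAMPLE 8192u  /* assumed upper bound for one sample size */

/* One output record: four 32-bit stores ([1], [2], [4]) followed by a
 * 0x10 pointer step ([5]). Field names are assumptions. */
typedef struct {
    uint32_t offset_lo;   /* R2 at [1]: running offset, derived from file data */
    uint32_t offset_hi;   /* R3 at [1]: zero */
    uint32_t reserved;    /* [2]: zero */
    uint32_t sample_size; /* [3]/[4]: read from the audio file */
} packet_desc;

typedef enum {
    APPEND_OK = 0,
    APPEND_TOO_MANY = -1,    /* table has more entries than the buffer holds */
    APPEND_BAD_SIZE = -2,    /* entry is zero or above MAX_SAMPLE */
    APPEND_OFFSET_WRAP = -3  /* running offset would overflow 32 bits */
} append_status;

/* The pattern the advisory describes: the loop count comes from the file and
 * nothing compares the write pointer with the end of the buffer. Only safe
 * when the caller already knows n <= capacity. */
static size_t append_unchecked(packet_desc *out, const uint32_t *sizes,
                               size_t n, uint32_t base)
{
    packet_desc *p = out;
    uint32_t off = base;
    for (size_t i = 0; i < n; i++) {
        p->offset_lo = off;
        p->offset_hi = 0;
        p->reserved = 0;
        p->sample_size = sizes[i];
        off += sizes[i];
        p++;                 /* [5]: pointer advances unconditionally */
    }
    return (size_t)(p - out);
}

/* Hardened form: validate the whole table before the first store, so a
 * rejected file leaves the buffer untouched. */
static append_status append_checked(packet_desc *out, size_t cap,
                                    const uint32_t *sizes, size_t n,
                                    uint32_t base, uint32_t max_size,
                                    size_t *written)
{
    uint32_t off = base;
    *written = 0;
    if (n > cap)
        return APPEND_TOO_MANY;
    for (size_t i = 0; i < n; i++) {
        if (sizes[i] == 0 || sizes[i] > max_size)
            return APPEND_BAD_SIZE;
        if (sizes[i] > UINT32_MAX - off)
            return APPEND_OFFSET_WRAP;
        off += sizes[i];
    }
    *written = append_unchecked(out, sizes, n, base);
    return APPEND_OK;
}

/* Constructed sample size tables (not taken from any real file). */
static const uint32_t table_ok[]   = {512, 498, 530};
static const uint32_t table_long[] = {512, 512, 512, 512, 512, 512};
static const uint32_t table_huge[] = {512, 0xFFFFFFF0u};

/* Run the checked path against a CAPACITY-record buffer, return the status. */
static int check_table(const uint32_t *sizes, size_t n, uint32_t base)
{
    packet_desc out[CAPACITY];
    size_t written;
    return append_checked(out, CAPACITY, sizes, n, base, MAX_SAMPLE, &written);
}

/* Offset stored in the third record of the well-formed table (base 0x40). */
static uint32_t last_offset_ok(void)
{
    packet_desc out[CAPACITY];
    size_t written = 0;
    if (append_checked(out, CAPACITY, table_ok, 3, 0x40, MAX_SAMPLE,
                       &written) != APPEND_OK || written != 3)
        return 0;
    return out[2].offset_lo;
}

int main(void)
{
    printf("well-formed table : %d\n", check_table(table_ok, 3, 0x40));
    printf("too many entries  : %d\n", check_table(table_long, 6, 0x40));
    printf("oversized entry   : %d\n", check_table(table_huge, 2, 0x40));
    printf("offset wrap       : %d\n", check_table(table_ok, 3, 0xFFFFFF00u));
    printf("third offset      : %u\n", (unsigned)last_offset_ok());
    return 0;
}
```
----------------------------------------------------------------------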
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the "Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
| VAR-200909-0581 | No CVE | Novell eDirectory HTTP GET Request Unicode String Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Novell eDirectory is a cross-platform directory server. If a remote attacker submits a specially crafted HTTP request containing a large number of Unicode strings to the port 8028 of the eDirectory server (the default port of the Dhost Http Server), it will exhaust 100% of the CPU resources. Novell eDirectory is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to consume an excessive amount of resources, denying service to legitimate users.
Novell eDirectory 8.8 SP5 is vulnerable; other versions may also be affected
| VAR-200909-0395 | CVE-2009-3091 | ASUS WL-330gE Vulnerabilities in unknown details |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes
| VAR-201004-0085 | CVE-2009-4775 | Ipswitch WS_FTP Professional HTTP Server Response Format String Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. Ipswitch WS_FTP Professional client is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.
WS_FTP Professional 12 is vulnerable; other versions may also be affected. Ipswitch WS_FTP is a widely used FTP server program that can be used under Microsoft NT/2000/XP operating system
| VAR-200909-0403 | CVE-2009-3099 | Windows Server 2003 SP2 upper HP OpenView Operations Manager Vulnerability in |
Related entries in the VARIoT exploits database: VAR-E-200909-0857
CVSS V2: 10.0 CVSS V3: - Severity: High |
Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. HP OpenView is prone to a remote security vulnerability.
----------------------------------------------------------------------
TITLE:
HP Operations Manager Unspecified Vulnerability
SECUNIA ADVISORY ID:
SA36541
VERIFY ADVISORY:
http://secunia.com/advisories/36541/
DESCRIPTION:
A vulnerability has been reported in HP Operations, which can be
exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error and may allow
execution of arbitrary code. No more information is currently
available.
The vulnerability is reported in version 8.1. Other versions may also
be affected.
SOLUTION:
Due to the very limited available information, it is not possible to
suggest an effective workaround.
PROVIDED AND/OR DISCOVERED BY:
Reportedly a module for VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
| VAR-200909-0138 | CVE-2009-3345 | SAP Crystal Reports Server Heap-based buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Crystal Reports Server 2008 is prone to a remote security vulnerability.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition.
----------------------------------------------------------------------
TITLE:
Crystal Reports Server Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA36583
VERIFY ADVISORY:
http://secunia.com/advisories/36583/
DESCRIPTION:
Some vulnerabilities have been reported in Crystal Reports Server,
which can be exploited to cause a DoS (Denial of Service) or
compromise a vulnerable system.
1) An unspecified error can be exploited to cause a service to enter
an infinite loop.
The vulnerabilities are reported in version 2008. Other versions may
also be affected.
SOLUTION:
Due to the very limited available information, it is not possible to
suggest an effective workaround.
PROVIDED AND/OR DISCOVERED BY:
Reportedly modules for VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
| VAR-200909-0139 | CVE-2009-3346 | SAP Crystal Reports Server Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition.
----------------------------------------------------------------------
TITLE:
Crystal Reports Server Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA36583
VERIFY ADVISORY:
http://secunia.com/advisories/36583/
DESCRIPTION:
Some vulnerabilities have been reported in Crystal Reports Server,
which can be exploited to cause a DoS (Denial of Service) or
compromise a vulnerable system.
1) An unspecified error can be exploited to cause a service to enter
an infinite loop.
3) An unspecified error can be exploited to cause a heap-based buffer
overflow.
The vulnerabilities are reported in version 2008. Other versions may
also be affected.
SOLUTION:
Due to the very limited available information, it is not possible to
suggest an effective workaround.
PROVIDED AND/OR DISCOVERED BY:
Reportedly modules for VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
| VAR-200909-0134 | CVE-2009-3341 | Linksys WRT54GL Wireless router buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. WRT54GL is prone to a remote security vulnerability.
----------------------------------------------------------------------
TITLE:
Linksys WRT54GL Unspecified Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA36571
VERIFY ADVISORY:
http://secunia.com/advisories/36571/
DESCRIPTION:
A vulnerability has been reported in Linksys WRT54GL, which can be
exploited by malicious people to compromise a vulnerable device.
The vulnerability is caused due to an unspecified error and can be
exploited to cause a buffer overflow. No further information is
currently available.
SOLUTION:
Due to the very limited available information, it is not possible to
suggest an effective workaround.
PROVIDED AND/OR DISCOVERED BY:
Reportedly a module for VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
| VAR-200909-0696 | No CVE | HP Operations Manager Default Manager Account Remote Security Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
HP Operations Manager is prone to a remote security vulnerability.
Operations Manager 8.1 for Windows is vulnerable; other versions may also be vulnerable.
NOTE: This issue may be related to the issue documented in BID 37086 (HP Operations Manager Remote Unauthorized Access Vulnerability), but this has not been confirmed.
| VAR-200909-0698 | No CVE | SAP NetWeaver Multiple Unspecified Remote Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
SAP NetWeaver is prone to multiple unspecified remote vulnerabilities, including:
- Multiple information-disclosure vulnerabilities.
- A NULL-pointer dereference vulnerability.
- Multiple heap-overflow vulnerabilities.
- A denial-of-service vulnerability.
Attackers can exploit these issues to execute code within the context of the affected server, cause denial-of-service conditions, and obtain potentially sensitive information.
| VAR-200912-0357 | CVE-2009-4480 | AzeoTech DAQFactory of Web Service buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. AzeoTech DAQFactory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attacks will cause denial-of-service conditions.
DAQFactory 5.77 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
TITLE:
DAQFactory Web Service Unspecified Buffer Overflow
SECUNIA ADVISORY ID:
SA36504
VERIFY ADVISORY:
http://secunia.com/advisories/36504/
DESCRIPTION:
A vulnerability has been reported in DAQFactory, which can be
exploited by malicious people to compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 5.77.
SOLUTION:
Disable the web service if not required or restrict access to it.
PROVIDED AND/OR DISCOVERED BY:
Reportedly a module for VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
| VAR-200909-0137 | CVE-2009-3344 | Windows Run on Crystal Reports Server Service disruption in (DoS) Vulnerabilities |
Related entries in the VARIoT exploits database: VAR-E-200909-0247
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
- A heap-based buffer-overflow vulnerability.
- An unspecified remote code-execution vulnerability.
Attackers can exploit these issues to execute code within the context of the affected server and cause denial-of-service conditions.
----------------------------------------------------------------------
TITLE:
Crystal Reports Server Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA36583
VERIFY ADVISORY:
http://secunia.com/advisories/36583/
DESCRIPTION:
Some vulnerabilities have been reported in Crystal Reports Server,
which can be exploited to cause a DoS (Denial of Service) or
compromise a vulnerable system.
2) An unspecified error may be exploited to execute arbitrary code.
3) An unspecified error can be exploited to cause a heap-based buffer
overflow.
The vulnerabilities are reported in version 2008. Other versions may
also be affected.
SOLUTION:
Due to the very limited available information, it is not possible to
suggest an effective workaround.
PROVIDED AND/OR DISCOVERED BY:
Reportedly modules for VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
| VAR-200909-0789 | CVE-2009-3767 | OpenLDAP In any SSL Vulnerability impersonating a server |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. A vulnerability exists that allows an SSL server to be impersonated; it is related to CVE-2009-2408. With a crafted certificate, any SSL server can potentially be impersonated. OpenLDAP is prone to a security-bypass vulnerability.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Summary:
JBoss Enterprise Web Server 1.0.2 is now available from the Red Hat
Customer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and
Microsoft Windows.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Description:
JBoss Enterprise Web Server is a fully-integrated and certified set of
components for hosting Java web applications.
This is the first release of JBoss Enterprise Web Server for Red Hat
Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and
Microsoft Windows, this release serves as a replacement for JBoss
Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to
the Release Notes, linked in the References, for more information.
This update corrects security flaws in the following components:
tomcat6:
A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Apache Tomcat. If a remote attacker
could trick a user who is logged into the Manager application into visiting
a specially-crafted URL, the attacker could perform Manager application
tasks with the privileges of the logged in user. (CVE-2010-4172)
tomcat5 and tomcat6:
It was found that web applications could modify the location of the Apache
Tomcat host's work directory. As web applications deployed on Tomcat have
read and write access to this directory, a malicious web application could
use this flaw to trick Tomcat into giving it read and write access to an
arbitrary directory on the file system. (CVE-2010-3718)
A second cross-site scripting (XSS) flaw was found in the Manager
application. A malicious web application could use this flaw to conduct an
XSS attack, leading to arbitrary web script execution with the privileges
of victims who are logged into and viewing Manager application web pages.
(CVE-2011-0013)
A possible minor information leak was found in the way Apache Tomcat
generated HTTP BASIC and DIGEST authentication requests. For configurations
where a realm name was not specified and Tomcat was accessed via a proxy,
the default generated realm contained the hostname and port used by the
proxy to send requests to the Tomcat server. (CVE-2010-1157)
httpd:
A flaw was found in the way the mod_dav module of the Apache HTTP Server
handled certain requests. If a remote attacker were to send a carefully
crafted request to the server, it could cause the httpd child process to
crash. (CVE-2010-1452)
A flaw was discovered in the way the mod_proxy_http module of the Apache
HTTP Server handled the timeouts of requests forwarded by a reverse proxy
to the back-end server. In some configurations, the proxy could return
a response intended for another user under certain timeout conditions,
possibly leading to information disclosure. Note: This issue only affected
httpd running on the Windows operating system. (CVE-2010-2068)
apr:
It was found that the apr_fnmatch() function used an unconstrained
recursion when processing patterns with the '*' wildcard. An attacker could
use this flaw to cause an application using this function, which also
accepted untrusted input as a pattern for matching (such as an httpd server
using the mod_autoindex module), to exhaust all stack memory or use an
excessive amount of CPU time when performing matching. (CVE-2011-0419)
apr-util:
It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly use
this flaw to trigger high memory consumption. (CVE-2010-1623)
The following flaws were corrected in the packages for Solaris and Windows.
Updates for Red Hat Enterprise Linux can be downloaded from the Red Hat
Network.
Multiple flaws in OpenSSL, which could possibly cause a crash, code
execution, or a change of session parameters, have been corrected.
(CVE-2009-3245, CVE-2010-4180, CVE-2008-7270)
Two denial of service flaws were corrected in Expat. (CVE-2009-3560,
CVE-2009-3720)
An X.509 certificate verification flaw was corrected in OpenLDAP.
(CVE-2009-3767)
More information about these flaws is available from the CVE links in the
References.
Solution:
All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Enterprise Web Server
1.0.2, which corrects these issues.
The References section of this erratum contains a download link (you must
log in to download the update). Before installing the update, backup your
existing JBoss Enterprise Web Server installation (including all
applications and configuration files). Apache Tomcat and the Apache HTTP
Server must be restarted for the update to take effect.
Bugs fixed (http://bugzilla.redhat.com/):
530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name
531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks
585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers
618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments
632994 - CVE-2010-2068 httpd (mod_proxy): Sensitive response disclosure due improper handling of timeouts
640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line()
656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application
659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack
675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface
675792 - CVE-2010-3718 tomcat: file permission bypass flaw
703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch
5. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
For the oldstable distribution (etch), this problem has been fixed in version
2.3.30-5+etch3 for openldap2.3.
For the stable distribution (lenny), this problem has been fixed in version
2.4.11-1+lenny1 for openldap.
For the testing distribution (squeeze), and the unstable distribution (sid),
this problem has been fixed in version 2.4.17-2.1 for openldap.
We recommend that you upgrade your openldap2.3/openldap packages.
Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,
mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny
--------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
Size/MD5 checksum: 286808 2dcb4f8e5514d9e4d9072b4853da322d
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_i386.deb
Size/MD5 checksum: 892068 449ba5d6037617e4e93dfd6bcb093549
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_i386.deb
Size/MD5 checksum: 3560322 c6a6fbc66944bd05585c1065ab012c93
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_i386.deb
Size/MD5 checksum: 244952 5a5b31ebb9098059e62eb57d209a6846
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_i386.deb
Size/MD5 checksum: 1404266 a3bffb93ec3b0d0d130a6a7e29091a9b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_ia64.deb
Size/MD5 checksum: 3589108 d34afb06a3b21ad7267ef5d31b6ad322
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_ia64.deb
Size/MD5 checksum: 932026 1194a002673f8a73cf382c2333c7882b
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_ia64.deb
Size/MD5 checksum: 352020 e40c570396514fee0c6eee3920be2607
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_ia64.deb
Size/MD5 checksum: 269084 1720388cc8102f33122375034a703a05
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_ia64.deb
Size/MD5 checksum: 259018 658248f4329555e81896800709302575
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_ia64.deb
Size/MD5 checksum: 2006532 6ad20563d8999759f32445576fd69856
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_mips.deb
Size/MD5 checksum: 3712752 8d48a2797c1f4e6b5dea203698e4b31c
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_mips.deb
Size/MD5 checksum: 180956 88613b463fcdba79539048ce681d4f5e
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_mips.deb
Size/MD5 checksum: 260240 f6fa5402a6fc03aef4b87735030969c5
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_mips.deb
Size/MD5 checksum: 854756 76ad64ab6fe85c5bfc654266101e024a
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_mips.deb
Size/MD5 checksum: 1394436 4930b2b56c642182c8ccd69d5bc53685
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_mips.deb
Size/MD5 checksum: 302106 3672bab4d2c0c037a1d9c0a61fa16139
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_powerpc.deb
Size/MD5 checksum: 3718584 7b120292ce66e7ea85b3ad623da0bb4e
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_powerpc.deb
Size/MD5 checksum: 295146 f131ea5cdbab25c2416ff06f6697bc08
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_powerpc.deb
Size/MD5 checksum: 199248 c683d506deb5fadabea906c9dec36c9f
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_powerpc.deb
Size/MD5 checksum: 1536614 b5c37ae6f72127bdf6910100edeb06e5
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_powerpc.deb
Size/MD5 checksum: 907106 6af4614c092e6ccda8580e6a73cb8728
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_powerpc.deb
Size/MD5 checksum: 284952 b75e2ddab46ddab036ef40b21cec63ee
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_sparc.deb
Size/MD5 checksum: 872178 a7739e034d0df26a69e0cb569802d594
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_sparc.deb
Size/MD5 checksum: 249022 334ecf73608e20ec6cff79716cf10fde
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_sparc.deb
Size/MD5 checksum: 1387990 4935db487abd61e04adb3a846ed7aadc
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_sparc.deb
Size/MD5 checksum: 260980 006fdd6b90293fdf1331442ccabde568
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_sparc.deb
Size/MD5 checksum: 182822 73c3edfab6b52e772ed36c990c13f210
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_sparc.deb
Size/MD5 checksum: 3502906 c19b8875ae915cec344bb74a5e462e44
These files will probably be moved into the stable distribution on
its next update.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201406-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenLDAP: Multiple vulnerabilities
Date: June 30, 2014
Bugs: #290345, #323777, #355333, #388605, #407941, #424167
ID: 201406-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in OpenLDAP, allowing for Denial of
Service or a man-in-the-middle attack.
Background
==========
OpenLDAP is an LDAP suite of application and development tools.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-nds/openldap < 2.4.35 >= 2.4.35
Description
===========
Multiple vulnerabilities have been discovered in OpenLDAP. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker might employ a specially crafted certificate to
conduct man-in-the-middle attacks on SSL connections made using
OpenLDAP, bypass security restrictions or cause a Denial of Service
condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenLDAP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35"
References
==========
[ 1 ] CVE-2009-3767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3767
[ 2 ] CVE-2010-0211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0211
[ 3 ] CVE-2010-0212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0212
[ 4 ] CVE-2011-1024
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1024
[ 5 ] CVE-2011-1025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1025
[ 6 ] CVE-2011-1081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1081
[ 7 ] CVE-2011-4079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4079
[ 8 ] CVE-2012-1164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1164
[ 9 ] CVE-2012-2668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2668
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-36.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0015
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-09-30
Updated on: 2010-09-30 (initial release of advisory)
CVE numbers: CVE-2010-0826 CVE-2009-3767 CVE-2010-0734
CVE-2010-1646 CVE-2009-3555 CVE-2009-2409
CVE-2009-3245 CVE-2010-0433
- ------------------------------------------------------------------------
1. Summary
ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo,
OpenSSL, GnuTLS, NSS and NSPR packages.
2. Relevant releases
VMware ESX 4.0 without patches ESX400-201009407-SG,
ESX400-201009408-SG, ESX400-201009409-SG, ESX400-201009410-SG,
ESX400-201009401-SG
Notes:
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
"End of Product Availability FAQs" at
http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
details.
Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan
to upgrade to at least ESX 3.5 and preferably to the newest release
available.
3. Problem Description
a. Service Console update for NSS_db
The service console package NSS_db is updated to version
nss_db-2.2-35.4.el5_5.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0826 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201009407-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console update for OpenLDAP
The service console package OpenLDAP is updated to version
2.3.43-12.el5.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3767 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201009408-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. Service Console update for cURL
The service console packages for cURL are updated to version
7.15.5-9.el5.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0734 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201009409-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for sudo
The service console package sudo is updated to version 1.7.2p1-7.el5_5.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1646 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201009410-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
e. Service Console update for OpenSSL, GnuTLS, NSS and NSPR
Service Console updates for OpenSSL to version 097a-0.9.7a-9.el5_4.2
and version 0.9.8e-12.el5_4.6, GnuTLS to version 1.4.1-3.el5_4.8,
and NSS to version 3.12.6-1.3235.vmw and NSPR to version
4.8.4-1.3235.vmw. These four updates are bundled together due to
their mutual dependencies.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-3555, CVE-2009-2409, CVE-2009-3245
and CVE-2010-0433 to the issues addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201009401-SG **
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** Note: This patch also addresses non-security issues. See KB article
1023759 for details.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 4.0
-------
ESX400-201009001
Download link: http://bit.ly/adhjEu
md5sum: 988c593b7a7abf0be5b72970ac64a369
sha1sum: 26d875955b01c19f4e56703216e135257c08836f
http://kb.vmware.com/kb/1025321
ESX400-201009001 contains the following security bulletins:
ESX400-201009407-SG (NSS_db) | http://kb.vmware.com/kb/1023763
ESX400-201009408-SG (OpenLDAP) | http://kb.vmware.com/kb/1023764
ESX400-201009409-SG (cURL) | http://kb.vmware.com/kb/1023765
ESX400-201009410-SG (sudo) | http://kb.vmware.com/kb/1023766
ESX400-201009401-SG (OpenSSL, GnuTLS, NSS) | http://kb.vmware.com/kb/1023759
And contains the following security bundles from VMSA-2010-0013.1:
ESX400-201009402-SG (cpio) | http://kb.vmware.com/kb/1023760
ESX400-201009406-SG (tar) | http://kb.vmware.com/kb/1023762
ESX400-201009403-SG (krb5) | http://kb.vmware.com/kb/1023761
ESX400-201009411-SG (perl) | http://kb.vmware.com/kb/1023767
And also contains ESX400-201009412-BG a non-security critical update.
To install an individual bulletin use esxupdate with the -b option.
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
- ------------------------------------------------------------------------
6. Change log
2010-09-30 VMSA-2010-0015
Initial security advisory after release of patches for ESX 4.0
on 2010-09-30
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware Security Advisories
http://www.vmware.com/security/advisoiries
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
===========================================================
Ubuntu Security Notice USN-858-1 November 12, 2009
openldap2.2 vulnerability
CVE-2009-3767
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libldap-2.2-7 2.2.26-5ubuntu2.9
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that OpenLDAP did not correctly handle SSL certificates
with zero bytes in the Common Name. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications.
Updated packages for Ubuntu 6.06 LTS:
| VAR-200909-0397 | CVE-2009-3093 | ASUS WL-500W Unknown vulnerabilities in wireless routers |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Attackers can exploit these issues to completely compromise the vulnerable device; other attacks may also be possible.
----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
ASUS WL-500W Wireless Router Two Vulnerabilities
SECUNIA ADVISORY ID:
SA36439
VERIFY ADVISORY:
http://secunia.com/advisories/36439/
DESCRIPTION:
Two vulnerabilities have been reported in ASUS WL-500W wireless
router.
1) An unspecified error can be exploited to cause a buffer overflow.
2) An unspecified error has an unknown impact.
SOLUTION:
Due to the very limited available information, it is not possible to
suggest an effective workaround.
PROVIDED AND/OR DISCOVERED BY:
Reported as modules included in VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0396 | CVE-2009-3092 | ASUS WL-500W Wireless router buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. ASUS WL-500W router is prone to multiple remote vulnerabilities.
Attackers can exploit these issues to completely compromise the vulnerable device; other attacks may also be possible.
----------------------------------------------------------------------
TITLE:
ASUS WL-500W Wireless Router Two Vulnerabilities
SECUNIA ADVISORY ID:
SA36439
VERIFY ADVISORY:
http://secunia.com/advisories/36439/
DESCRIPTION:
Two vulnerabilities have been reported in ASUS WL-500W wireless
router.
1) An unspecified error can be exploited to cause a buffer overflow.
2) An unspecified error has an unknown impact.
SOLUTION:
Due to the very limited available information, it is not possible to
suggest an effective workaround.
PROVIDED AND/OR DISCOVERED BY:
Reported as modules included in VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
----------------------------------------------------------------------
| VAR-200909-0140 | CVE-2009-3347 | D-Link DIR-400 Wireless router buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. D-Link DIR-400 is prone to an unspecified remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
----------------------------------------------------------------------
TITLE:
D-Link DIR-400 Wireless Router Unspecified Buffer Overflow
SECUNIA ADVISORY ID:
SA36454
VERIFY ADVISORY:
http://secunia.com/advisories/36454/
DESCRIPTION:
A vulnerability has been reported in D-Link DIR-400 wireless router,
which can be exploited to compromise a vulnerable device.
The vulnerability is caused due to an unspecified error and can be
exploited to cause a buffer overflow.
SOLUTION:
Due to the very limited available information, it is not possible to
suggest an effective workaround.
PROVIDED AND/OR DISCOVERED BY:
Reportedly a module for VulnDisco Pack.
ORIGINAL ADVISORY:
http://intevydis.com/vd-list.shtml
----------------------------------------------------------------------
| VAR-200909-0399 | CVE-2009-3095 | Apache mod_proxy_ftp remote command injection vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. Apache HTTP Server is an open source web server from the Apache Software Foundation. The server is fast, reliable and scalable via a simple API. The Apache mod_proxy_ftp module is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Attackers can exploit this issue to execute arbitrary commands within the context of the affected application.
===========================================================
Ubuntu Security Notice USN-860-1 November 19, 2009
apache2 vulnerabilities
CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.9
Ubuntu 8.04 LTS:
apache2.2-common 2.2.8-1ubuntu0.14
Ubuntu 8.10:
apache2.2-common 2.2.9-7ubuntu3.5
Ubuntu 9.04:
apache2.2-common 2.2.11-2ubuntu2.5
Ubuntu 9.10:
apache2.2-common 2.2.12-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. The flaw is with TLS renegotiation and
potentially affects any software that supports this feature. Attacks
against the HTTPS protocol are known, with the severity of the issue
depending on the safeguards used in the web application. Until the TLS
protocol and underlying libraries are adjusted to defend against this
vulnerability, a partial, temporary workaround has been applied to Apache
that disables client initiated TLS renegotiation. This update does not
protect against server initiated TLS renegotiation when using
SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. (CVE-2009-3555)
It was discovered that mod_proxy_ftp in Apache did not properly sanitize
its input when processing replies to EPASV and PASV commands.
(CVE-2009-3094)
Another flaw was discovered in mod_proxy_ftp.
(CVE-2009-3095)
Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2
------------------------------------------------------------------------
Debian Security Advisory DSA-1934-1 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
November 16, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : apache2
Vulnerability : multiple issues
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555
A design flaw has been found in the TLS and SSL protocol that allows
an attacker to inject arbitrary content at the beginning of a TLS/SSL
connection. The attack is related to the way TLS and SSL handle
session renegotiations. CVE-2009-3555 has been assigned to this
vulnerability.
As a partial mitigation against this attack, this apache2 update
disables client-initiated renegotiations. This should fix the
vulnerability for the majority of Apache configurations in use.
NOTE: This is not a complete fix for the problem. The attack is
still possible in configurations where the server initiates the
renegotiation. This is the case for the following configurations
(the information in the changelog of the updated packages is
slightly inaccurate):
- The "SSLVerifyClient" directive is used in a Directory or Location
  context.
- The "SSLCipherSuite" directive is used in a Directory or Location
  context.
As a workaround, you may rearrange your configuration in a way that
SSLVerifyClient and SSLCipherSuite are only used on the server or
virtual host level.
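A check for the configurations listed in the note above, as an added example (not part of the Debian advisory or the apache2 packages): it walks an Apache configuration and reports SSLVerifyClient or SSLCipherSuite nested inside a per-directory section. The two sample configurations are constructed, and treating the *Match and Files sections like Directory and Location is an assumption beyond the advisory's wording.

```python
import re

# Sections whose directives are applied per request, after the handshake.
# The advisory names Directory and Location; the *Match and Files variants
# are included here as an assumption.
PER_DIR_SECTIONS = {"directory", "directorymatch", "location",
                    "locationmatch", "files", "filesmatch"}
RISKY_DIRECTIVES = {"sslverifyclient", "sslciphersuite"}

OPEN_RE = re.compile(r"^<\s*([A-Za-z]+)\b(.*?)>\s*$")
CLOSE_RE = re.compile(r"^</\s*([A-Za-z]+)\s*>$")


def logical_lines(text):
    """Yield (first_line_number, text), joining trailing-backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def audit(text):
    """Return (line, directive, section, section_argument) for each risky placement."""
    stack, findings = [], []
    for lineno, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        m = CLOSE_RE.match(line)
        if m:
            if stack and stack[-1][0].lower() == m.group(1).lower():
                stack.pop()
            continue
        m = OPEN_RE.match(line)
        if m:
            stack.append((m.group(1), m.group(2).strip()))
            continue
        name = line.split(None, 1)[0]
        if name.lower() in RISKY_DIRECTIVES:
            enclosing = [s for s in stack if s[0].lower() in PER_DIR_SECTIONS]
            if enclosing:
                section, arg = enclosing[-1]
                findings.append((lineno, name, section, arg))
    return findings


# Constructed sample: directives in Location/Directory context, the layout
# the advisory says still leads to server-initiated renegotiation.
BEFORE = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    <Location /admin>
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Location>
    <Directory "/var/www/secure">
        # SSLCipherSuite HIGH  (commented out, ignored)
        SSLCipherSuite \\
            HIGH
    </Directory>
</VirtualHost>
"""

# Constructed sample after the workaround: both directives at virtual host
# level, so the client certificate is requested for the whole virtual host.
AFTER = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    SSLVerifyClient require
    SSLVerifyDepth 2
    <Location /admin>
        SSLRequireSSL
    </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        hits = audit(conf)
        print(label, "OK" if not hits else hits)
```

The audit reads a single configuration text; files pulled in through Include and any .htaccess files have to be passed to it separately.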
A complete fix for the problem will require a protocol change. Further
information will be included in a separate announcement about this
issue.
In addition, this update fixes the following issues in Apache's
mod_proxy_ftp:
CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp
module allowed remote FTP servers to cause a denial of service (NULL
pointer dereference and child process crash) via a malformed reply to
an EPSV command.
For the stable distribution (lenny), these problems have been fixed in
version 2.2.9-10+lenny6. This version also includes some non-security
bug fixes that were scheduled for inclusion in the next stable point
release (Debian 5.0.4).
For the oldstable distribution (etch), these problems have been fixed in
version 2.2.3-4+etch11.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed in version 2.2.14-2.
This advisory also provides updated apache2-mpm-itk packages which
have been recompiled against the new apache2 packages.
Updated apache2-mpm-itk packages for the armel architecture are not
included yet. They will be released as soon as they become available.
We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch (oldstable)
-------------------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny (stable)
-----------------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc
Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz
Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb
Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb
Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb
Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb
Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb
Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb
Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc
hppa architecture (HP PA RISC)
i386 architecture (Intel ia32)
ia64 architecture (Intel ia64)
mips architecture (MIPS (Big Endian))
mipsel architecture (MIPS (Little Endian))
powerpc architecture (PowerPC)
s390 architecture (IBM S/390)
sparc architecture (Sun SPARC/UltraSPARC)
These files will probably be moved into the stable distribution on
its next update.
NOTE: as of 20090903,
this disclosure has no actionable information. However, because the
VulnDisco Pack author is a reliable researcher, the issue is being
assigned a CVE identifier for tracking purposes (CVE-2009-3095).
This update provides a solution to these vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
Mandriva Linux 2008.1/X86_64:
Mandriva Linux 2009.0:
Mandriva Linux 2009.0/X86_64:
Mandriva Linux 2009.1:
Mandriva Linux 2009.1/X86_64:
Corporate 3.0:
Corporate 3.0/X86_64:
Corporate 4.0:
Corporate 4.0/X86_64:
058c2e04fd98b2bab1396291a932373d corporate/4.0/x86_64/apache-base-2.2.3-1.8.20060mlcs4.x86_64.rpm
39e47ec2e8e322540979d134365579cd corporate/4.0/x86_64/apache-devel-2.2.3-1.8.20060mlcs4.x86_64.rpm
08b8e5a5c56edf4f0adc42f11622b655 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.8.20060mlcs4.x86_64.rpm
b33d6272dc669531305279fde5d5dbf8 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.8.20060mlcs4.x86_64.rpm
47b2c4b4b61fa81cf4a802679a2b0cef corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.8.20060mlcs4.x86_64.rpm
5debe64f59b9f2bc100d643367086fa6 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.8.20060mlcs4.x86_64.rpm
27f4395c2b78ae5ede11c0180ef95f3a corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.8.20060mlcs4.x86_64.rpm
2fc4f0bcb85da63b8356c6e9814dac75 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.8.20060mlcs4.x86_64.rpm
4d7397261b44e9bad569344228c9dd04 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.8.20060mlcs4.x86_64.rpm
8edebcdba0dfc54c98d366a60070fc45 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.8.20060mlcs4.x86_64.rpm
b26d5e12f7f49eea2fb73b3d4d4058a2 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.8.20060mlcs4.x86_64.rpm
1d2c26b3148d96a73c35ef47079323ca corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.8.20060mlcs4.x86_64.rpm
634b703f53ed0c6678092475c8f345ad corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.8.20060mlcs4.x86_64.rpm
51efeac6a23075f4a653fcca15266c4b corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.8.20060mlcs4.x86_64.rpm
1a8f18e2c88af1ed33e9d7172abdb2bc corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.8.20060mlcs4.x86_64.rpm
0aced397bff2e143c8b02c1b87f2fd1a corporate/4.0/x86_64/apache-modules-2.2.3-1.8.20060mlcs4.x86_64.rpm
fbc238f67995ce61b0259c0388a647e6 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.8.20060mlcs4.x86_64.rpm
d20b66e1316e7637c0e0074a6ce6b4c4 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.8.20060mlcs4.x86_64.rpm
db8b02071fe5143f4306811d972c925f corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.8.20060mlcs4.x86_64.rpm
afb2847e74e518f81e36f54ddb63e040 corporate/4.0/x86_64/apache-source-2.2.3-1.8.20060mlcs4.x86_64.rpm
c640d98af437f10241c9ed0144bceb7f corporate/4.0/SRPMS/apache-2.2.3-1.8.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
0720d52886da662ca681f594d5432e97 mes5/i586/apache-base-2.2.9-12.4mdvmes5.i586.rpm
09f2baab69a8ef0f8f5058cc93c32b17 mes5/i586/apache-devel-2.2.9-12.4mdvmes5.i586.rpm
08fe9b24fb8d70d21d780b2f3e1e2d9c mes5/i586/apache-htcacheclean-2.2.9-12.4mdvmes5.i586.rpm
0f677f022b2825006eafc3ff4bbff60f mes5/i586/apache-mod_authn_dbd-2.2.9-12.4mdvmes5.i586.rpm
7148984a7eb7634fc77bbbf2dea2ab0d mes5/i586/apache-mod_cache-2.2.9-12.4mdvmes5.i586.rpm
30eb0bd1bd242c18792b9cc0f2c22d41 mes5/i586/apache-mod_dav-2.2.9-12.4mdvmes5.i586.rpm
e9692ef0561be7eab574c0d88afa62e5 mes5/i586/apache-mod_dbd-2.2.9-12.4mdvmes5.i586.rpm
a931888077730112c8afc069b9397b19 mes5/i586/apache-mod_deflate-2.2.9-12.4mdvmes5.i586.rpm
a35dc7d675f7435c4c7156d729cdfe3d mes5/i586/apache-mod_disk_cache-2.2.9-12.4mdvmes5.i586.rpm
00ceaa6ad51a1bb35f3952a5f50bf108 mes5/i586/apache-mod_file_cache-2.2.9-12.4mdvmes5.i586.rpm
bb7a6ae92c3a12b61e119bf50aea8cbf mes5/i586/apache-mod_ldap-2.2.9-12.4mdvmes5.i586.rpm
2f5b69bff7004b59cd4e86be4939e2b6 mes5/i586/apache-mod_mem_cache-2.2.9-12.4mdvmes5.i586.rpm
7a9944d41a9b385706cc52ecf45d478c mes5/i586/apache-mod_proxy-2.2.9-12.4mdvmes5.i586.rpm
6eb7ec5a1ec4787d438c1ab369678d73 mes5/i586/apache-mod_proxy_ajp-2.2.9-12.4mdvmes5.i586.rpm
f12c5fef194c977f6116efc7b780bf8f mes5/i586/apache-mod_ssl-2.2.9-12.4mdvmes5.i586.rpm
30e47e4f73d4c2e3974b0a3a4c768a24 mes5/i586/apache-modules-2.2.9-12.4mdvmes5.i586.rpm
980dce78572d7daf3dc9157ee3c05009 mes5/i586/apache-mod_userdir-2.2.9-12.4mdvmes5.i586.rpm
648c218e9027cfd4bbc45e2c8fdb7392 mes5/i586/apache-mpm-event-2.2.9-12.4mdvmes5.i586.rpm
31e54787170b8ef441deb76ceaee8ccf mes5/i586/apache-mpm-itk-2.2.9-12.4mdvmes5.i586.rpm
61c7df40262e198fe932d3a005b82edd mes5/i586/apache-mpm-peruser-2.2.9-12.4mdvmes5.i586.rpm
57f6b2bb547e75a0e942c2adf49ec522 mes5/i586/apache-mpm-prefork-2.2.9-12.4mdvmes5.i586.rpm
13280e3e991725eb755ebe3941a51e47 mes5/i586/apache-mpm-worker-2.2.9-12.4mdvmes5.i586.rpm
a376ad6704541de5cb4480e99f9f9bf2 mes5/i586/apache-source-2.2.9-12.4mdvmes5.i586.rpm
108dd376a6495f075e664539bea08401 mes5/SRPMS/apache-2.2.9-12.4mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
2af1c8c641a8c808b5e2c9f2f1486979 mes5/x86_64/apache-base-2.2.9-12.4mdvmes5.x86_64.rpm
a23a9d8790f8bfbede60a5ee958460ef mes5/x86_64/apache-devel-2.2.9-12.4mdvmes5.x86_64.rpm
625bebee6bd50b9ff92805bbe5147d74 mes5/x86_64/apache-htcacheclean-2.2.9-12.4mdvmes5.x86_64.rpm
ee5e9a46db6bb1f64fe17ab45e44c7bb mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.4mdvmes5.x86_64.rpm
365114ff008ded37bfe0b353c90017a6 mes5/x86_64/apache-mod_cache-2.2.9-12.4mdvmes5.x86_64.rpm
e4496dc5764266a105842509e8cf632a mes5/x86_64/apache-mod_dav-2.2.9-12.4mdvmes5.x86_64.rpm
0bcdd520d83ce42a38ebdc63b28393d2 mes5/x86_64/apache-mod_dbd-2.2.9-12.4mdvmes5.x86_64.rpm
34b63edacf0c2a59b3d4a9313fd5d99d mes5/x86_64/apache-mod_deflate-2.2.9-12.4mdvmes5.x86_64.rpm
5045b337fa36f13bd51d672a65aa38dd mes5/x86_64/apache-mod_disk_cache-2.2.9-12.4mdvmes5.x86_64.rpm
019a3d7b14d8449ab7af4c26236bbef6 mes5/x86_64/apache-mod_file_cache-2.2.9-12.4mdvmes5.x86_64.rpm
ecaefefc656b75cc9e7a695d222f5e5a mes5/x86_64/apache-mod_ldap-2.2.9-12.4mdvmes5.x86_64.rpm
8ef2e717e23924a6954b1eb96d3e8779 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.4mdvmes5.x86_64.rpm
df849dc4778fbb62c9ab4d850f553f0f mes5/x86_64/apache-mod_proxy-2.2.9-12.4mdvmes5.x86_64.rpm
7538a24d1e06a511773ef3f1750d7e1d mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.4mdvmes5.x86_64.rpm
d2425299380d5a64435b5e976d846df6 mes5/x86_64/apache-mod_ssl-2.2.9-12.4mdvmes5.x86_64.rpm
6442cc2a46062d78ff46d63817aee92c mes5/x86_64/apache-modules-2.2.9-12.4mdvmes5.x86_64.rpm
474a329351d0ce6737401774ef0c23e7 mes5/x86_64/apache-mod_userdir-2.2.9-12.4mdvmes5.x86_64.rpm
3cbad2392cf80b153a71be761b339e20 mes5/x86_64/apache-mpm-event-2.2.9-12.4mdvmes5.x86_64.rpm
3c51b23e067e850fa4c355a95b543a5c mes5/x86_64/apache-mpm-itk-2.2.9-12.4mdvmes5.x86_64.rpm
513bd65ad79622f52f008d66c9edb59f mes5/x86_64/apache-mpm-peruser-2.2.9-12.4mdvmes5.x86_64.rpm
83d93304340db71074b0c79cd75de149 mes5/x86_64/apache-mpm-prefork-2.2.9-12.4mdvmes5.x86_64.rpm
3aa8fb7d0980cc489557cee1b0582c6e mes5/x86_64/apache-mpm-worker-2.2.9-12.4mdvmes5.x86_64.rpm
c040a8272364676e40691cd1898ed471 mes5/x86_64/apache-source-2.2.9-12.4mdvmes5.x86_64.rpm
108dd376a6495f075e664539bea08401 mes5/SRPMS/apache-2.2.9-12.4mdvmes5.src.rpm
Multi Network Firewall 2.0:
cbe01aa9d0c9a526211b0e97500d6852 mnf/2.0/i586/apache2-2.0.48-6.23.C30mdk.i586.rpm
e263c09ab7c5c353ad047873f78a8a51 mnf/2.0/i586/apache2-common-2.0.48-6.23.C30mdk.i586.rpm
00b5496e157665222777269fbf985e4e mnf/2.0/i586/apache2-devel-2.0.48-6.23.C30mdk.i586.rpm
9e02cc21f434e763ae061f3c07c4a22e mnf/2.0/i586/apache2-manual-2.0.48-6.23.C30mdk.i586.rpm
f6442c1339326c7d555f7cd2e69bcf8f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.23.C30mdk.i586.rpm
f2e4b39f39eee524aa98375928c30eb3 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.23.C30mdk.i586.rpm
ee0b1f109ea53acdb73b62737fa94680 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.23.C30mdk.i586.rpm
eb349cefc92904164d07b3bdba9d0764 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.23.C30mdk.i586.rpm
c2f2fa3a82b837af9e4beeed5b101041 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.23.C30mdk.i586.rpm
d09a486f3067751befb3be3c9f9f2067 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.23.C30mdk.i586.rpm
4b699d4eb87d5ec8a4f695838885072c mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.23.C30mdk.i586.rpm
32a249c9f325aadfc3f09829c22a2813 mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.23.C30mdk.i586.rpm
b5bb9504566005feef4be2296c9136f7 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.23.C30mdk.i586.rpm
4d399daec8415a824ffcf5b5b02b5a5a mnf/2.0/i586/apache2-modules-2.0.48-6.23.C30mdk.i586.rpm
c329f2fdba0463de9c3b419704e37873 mnf/2.0/i586/apache2-source-2.0.48-6.23.C30mdk.i586.rpm
52d13cb50e7663ced806d5b7147cce84 mnf/2.0/i586/libapr0-2.0.48-6.23.C30mdk.i586.rpm
67c9b7b8627da983f53954d0e976d16e mnf/2.0/SRPMS/apache2-2.0.48-6.23.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Kit Name
Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02160663
Version: 1
HPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-02
Last Updated: 2010-06-02
-----------------------------------------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access.
References: CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09
HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4
CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2010-0408 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2010-0434 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
Note: CVE-2009-3094, CVE-2009-3095 and CVE-2010-0740 affect only HP-UX Web Server Suite v2.30;
CVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server Suite before v3.09
HP-UX B.11.23
==================
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
action: install revision B.2.2.8.09 or subsequent
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
action: install revision B.2.2.8.09 or subsequent
For Web Server Suite before v2.30
HP-UX B.11.11
==================
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.15 or subsequent
HP-UX B.11.23
==================
hpuxwsAPCH32.APACHE
hpuxwsAPCH32.APACHE2
hpuxwsAPCH32.AUTH_LDAP
hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK
hpuxwsAPCH32.MOD_JK2
hpuxwsAPCH32.MOD_PERL
hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPCH32.WEBPROXY
action: install revision B.2.0.59.15 or subsequent
HP-UX B.11.31
==================
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.15 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 2 June 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
BAC v8.07 supplies Apache 2.2.17. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
| VAR-200909-0801 | CVE-2009-3094 | Apache HTTP Server of ap_proxy_ftp_handler Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. The Apache 'mod_proxy_ftp' module is prone to a denial-of-service vulnerability because of a NULL-pointer dereference.
Successful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Note
that this security issue does not really apply as zlib compression
is not enabled in the openssl build provided by Mandriva, but apache
is patched to address this issue anyway (concerns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c
in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
allows remote attackers to inject arbitrary web script or HTML via
wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this
security issue was initially addressed with MDVSA-2008:195 but the
patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not
properly handle Options=IncludesNOEXEC in the AllowOverride directive,
which allows local users to gain privileges by configuring (1) Options
Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a
.htaccess file, and then inserting an exec element in a .shtml file
(CVE-2009-1195).
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects (CVE-2009-1891). NOTE: as of 20090903,
this disclosure has no actionable information. However, because the
VulnDisco Pack author is a reliable researcher, the issue is being
assigned a CVE identifier for tracking purposes (CVE-2009-3095).
Apache is affected by SSL injection or man-in-the-middle attacks
due to a design flaw in the SSL and/or TLS protocols. A short term
solution was released Sat Nov 07 2009 by the ASF team to mitigate
these problems. Apache will now reject in-session renegotiation
(CVE-2009-3555).
Packages for 2008.0 are being provided due to extended support for
Corporate products.
This update provides a solution to these vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
------------------------------------------------------------------------
Debian Security Advisory DSA-1934-1 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
November 16, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : apache2
Vulnerability : multiple issues
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555
A design flaw has been found in the TLS and SSL protocol that allows
an attacker to inject arbitrary content at the beginning of a TLS/SSL
connection. The attack is related to the way how TLS and SSL handle
session renegotiations. CVE-2009-3555 has been assigned to this
vulnerability.
As a partial mitigation against this attack, this apache2 update
disables client-initiated renegotiations. This should fix the
vulnerability for the majority of Apache configurations in use.
NOTE: This is not a complete fix for the problem. The attack is
still possible in configurations where the server initiates the
renegotiation. This is the case for the following configurations
(the information in the changelog of the updated packages is
slightly inaccurate):
- The "SSLVerifyClient" directive is used in a Directory or Location
  context.
- The "SSLCipherSuite" directive is used in a Directory or Location
  context.
As a workaround, you may rearrange your configuration in a way that
SSLVerifyClient and SSLCipherSuite are only used on the server or
virtual host level.
A complete fix for the problem will require a protocol change. Further
information will be included in a separate announcement about this
issue.
CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp
module allowed remote authenticated attackers to bypass intended access
restrictions and send arbitrary FTP commands to an FTP server.
For the stable distribution (lenny), these problems have been fixed in
version 2.2.9-10+lenny6. This version also includes some non-security
bug fixes that were scheduled for inclusion in the next stable point
release (Debian 5.0.4).
For the oldstable distribution (etch), these problems have been fixed in
version 2.2.3-4+etch11.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed in version 2.2.14-2.
This advisory also provides updated apache2-mpm-itk packages which
have been recompiled against the new apache2 packages.
Updated apache2-mpm-itk packages for the armel architecture are not
included yet. They will be released as soon as they become available.
We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
Upgrade instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch (oldstable)
-------------------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb
Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb
Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb
Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb
Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb
Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb
Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb
Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb
Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb
Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874
Debian GNU/Linux 5.0 alias lenny (stable)
-----------------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb
Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e
These files will probably be moved into the stable distribution on
its next update.
Patch kit installation instructions are provided in the file SSRT090244 Apache CVE-2009-3094, CVE-2009-3095.txt.
The patch kits and installation instructions are available from the following location using ftp:
Host             Account   Password
ftp.usa.hp.com   ewt01     Welcome1
CSWS version 2.1-1 patch kits are available for both ALPHA and ITANIUM platforms.
Itanium Images
mod_proxy.exe_ia64
mod_proxy_ftp.exe_ia64
Alpha Images
mod_proxy.exe_axp
mod_proxy_ftp.exe_axp
The patch images will be provided in the next regularly scheduled update of CSWS 2.1-1.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02160663
Version: 1
HPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-02
Last Updated: 2010-06-02
-----------------------------------------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.
References: CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09
HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                    Base Score
CVE-2009-3094    (AV:N/AC:H/Au:N/C:N/I:N/A:C)   5.4
CVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2010-0408    (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2010-0740    (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2010-0433    (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2010-0434    (AV:N/AC:M/Au:N/C:P/I:N/A:N)   4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
Note: CVE-2009-3094, CVE-2009-3095 and CVE-2010-0740 affect only HP-UX Web Server Suite v2.30;
CVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities.
The upgrades are available from the following location:
URL http://software.hp.com
Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09
Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15
Web Server Suite Version / HP-UX Release / Depot name
Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot
Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot
Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot
Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot
Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot
Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot
Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent
or
Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server Suite before v3.09
HP-UX B.11.23
==================
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
action: install revision B.2.2.8.09 or subsequent
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
action: install revision B.2.2.8.09 or subsequent
For Web Server Suite before v2.30
HP-UX B.11.11
==================
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.15 or subsequent
HP-UX B.11.23
==================
hpuxwsAPCH32.APACHE
hpuxwsAPCH32.APACHE2
hpuxwsAPCH32.AUTH_LDAP
hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK
hpuxwsAPCH32.MOD_JK2
hpuxwsAPCH32.MOD_PERL
hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPCH32.WEBPROXY
action: install revision B.2.0.59.15 or subsequent
HP-UX B.11.31
==================
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.15 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 2 June 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
Copyright 2009 Hewlett-Packard Development Company, L.P.
BAC v8.07 supplies Apache 2.2.17. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
| VAR-200908-0535 | No CVE | Issue of Access Control Failure in Hitachi Device Manager Server |
CVSS V2: 6.8 CVSS V3: - Severity: Medium |
Hitachi Device Manager servers contain a vulnerability in which access control settings would be rendered invalid in the following cases:
- IPv6 format is used for communications between a Hitachi Device Manager server and its clients.
- Access controls for Hitachi Device Manager clients are set by the range of IP addresses written in the CIDR format.
An unauthorized client may gain access to the Hitachi Device Manager server.
Very few technical details are available. We will update this BID when more information emerges.
TITLE:
Hitachi Device Manager Server IPv6 Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA36526
VERIFY ADVISORY:
http://secunia.com/advisories/36526/
DESCRIPTION:
A vulnerability has been reported in multiple Hitachi products, which
can be exploited by malicious people to bypass certain security
restrictions.
Successful exploitation requires that the application is running in
an IPv6 environment and that the CIDR format is used in rules
restricting network access.
SOLUTION:
Apply vendor patches (please see vendor advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi:
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-013/index.html
OTHER REFERENCES:
JVN:
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001931.html