what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2014-174

Mandriva Linux Security Advisory 2014-174
Posted Sep 4, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-174 - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such. The updated packages have been upgraded to the latest 2.2.29 version which is not vulnerable to this issue.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2013-5704
SHA-256 | fcee1df5464ebe1c1e6cd586ef4fa054f4e6a4553cd41003cf8e0cff62185e2c

Mandriva Linux Security Advisory 2014-174

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:174
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : apache
Date : September 4, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in apache (ASF HTTPD):

The mod_headers module in the Apache HTTP Server 2.2.22 allows
remote attackers to bypass RequestHeader unset directives by placing
a header in the trailer portion of data sent with chunked transfer
coding. NOTE: the vendor states this is not a security issue in httpd
as such. (CVE-2013-5704).

The updated packages have been upgraded to the latest 2.2.29 version
which is not vulnerable to this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
https://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
29750abc525fa1f663282d289152728d mbs1/x86_64/apache-2.2.29-1.mbs1.x86_64.rpm
721035ffb6d7d21074f35717e3f44aaf mbs1/x86_64/apache-devel-2.2.29-1.mbs1.x86_64.rpm
26297afb85c6296c32e00126ac40ea9b mbs1/x86_64/apache-doc-2.2.29-1.mbs1.noarch.rpm
e53712739979bb6a1cd6c85165b1242a mbs1/x86_64/apache-htcacheclean-2.2.29-1.mbs1.x86_64.rpm
7fe720b46b6ebad13e251a9f36bbb28a mbs1/x86_64/apache-mod_authn_dbd-2.2.29-1.mbs1.x86_64.rpm
9f09d825cfd11dc8f8027ac3bd1c261c mbs1/x86_64/apache-mod_cache-2.2.29-1.mbs1.x86_64.rpm
7d1ffd5f5df3200633bbb199b7c1523e mbs1/x86_64/apache-mod_dav-2.2.29-1.mbs1.x86_64.rpm
47ac5b86d4abcf7da0bfbbe9746738f8 mbs1/x86_64/apache-mod_dbd-2.2.29-1.mbs1.x86_64.rpm
30d1f26436b3db46048646ef958efddc mbs1/x86_64/apache-mod_deflate-2.2.29-1.mbs1.x86_64.rpm
ba2f01b8e532bb6d799a400162505199 mbs1/x86_64/apache-mod_disk_cache-2.2.29-1.mbs1.x86_64.rpm
fe40c02ee1cbdd83112356de42a2a626 mbs1/x86_64/apache-mod_file_cache-2.2.29-1.mbs1.x86_64.rpm
496a38cfceda7248fd711545dae76891 mbs1/x86_64/apache-mod_ldap-2.2.29-1.mbs1.x86_64.rpm
7628aa8f44becd4df7e0b3b647970915 mbs1/x86_64/apache-mod_mem_cache-2.2.29-1.mbs1.x86_64.rpm
9e04002218f22396cdfd2cb889da3e5e mbs1/x86_64/apache-mod_proxy-2.2.29-1.mbs1.x86_64.rpm
db545b5ea18345ddf4e4e16b4f0fac06 mbs1/x86_64/apache-mod_proxy_ajp-2.2.29-1.mbs1.x86_64.rpm
95d3fa71a040403e77c943d6923a90eb mbs1/x86_64/apache-mod_proxy_scgi-2.2.29-1.mbs1.x86_64.rpm
388a8240499cec37971a6ce592da4140 mbs1/x86_64/apache-mod_reqtimeout-2.2.29-1.mbs1.x86_64.rpm
d5e371ec472c6a05be68f87225027477 mbs1/x86_64/apache-mod_ssl-2.2.29-1.mbs1.x86_64.rpm
d20e4fd4af86f72b2c73f046d5ae53f8 mbs1/x86_64/apache-mod_suexec-2.2.29-1.mbs1.x86_64.rpm
f045696188805a71bddedbf4fbfc0983 mbs1/x86_64/apache-mod_userdir-2.2.29-1.mbs1.x86_64.rpm
2d3e37248a242d1106ede4d5ab1233f7 mbs1/x86_64/apache-mpm-event-2.2.29-1.mbs1.x86_64.rpm
4bed9538651df001dc99eceec5022f76 mbs1/x86_64/apache-mpm-itk-2.2.29-1.mbs1.x86_64.rpm
2502b612c9679119ea0c106db3c8b344 mbs1/x86_64/apache-mpm-peruser-2.2.29-1.mbs1.x86_64.rpm
a9611bd147a083dbd69bccc2c3dfc230 mbs1/x86_64/apache-mpm-prefork-2.2.29-1.mbs1.x86_64.rpm
a9a25d4cca89ac9941324f5adef736cc mbs1/x86_64/apache-mpm-worker-2.2.29-1.mbs1.x86_64.rpm
1ed209164c99e8430f4265d0c8500706 mbs1/x86_64/apache-source-2.2.29-1.mbs1.noarch.rpm
3e21e977464838c686fc1e07b9a9e6a7 mbs1/SRPMS/apache-2.2.29-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUCGsAmqjQ0CJFipgRAkD6AJ0eiJQ1D34BwBWCXxHIetoukCjAawCgze3z
ztA2F7284689+WB9M+caBLw=
=8+uD
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close