what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-102

Mandriva Linux Security Advisory 2009-102
Posted May 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-102 - mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. This update provides fixes for that vulnerability.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2009-1191
SHA-256 | a5a7b231c6a42221cdc1fa8fdcce4e43a477bfbdca5eb1e881627cce83031126

Mandriva Linux Security Advisory 2009-102

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:102
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apache
Date : April 30, 2009
Affected: 2009.1
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in apache:

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server
2.2.11 allows remote attackers to obtain sensitive response data,
intended for a client that sent an earlier POST request with no
request body, via an HTTP request (CVE-2009-1191).

This update provides fixes for that vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.1:
84173d7808395e9764cf8a6bf73518b1 2009.1/i586/apache-base-2.2.11-10.1mdv2009.1.i586.rpm
cf5436765525b3adc826daa5bc210ab5 2009.1/i586/apache-devel-2.2.11-10.1mdv2009.1.i586.rpm
05da7f68e46c4314dccf1391f3e575d6 2009.1/i586/apache-htcacheclean-2.2.11-10.1mdv2009.1.i586.rpm
a78717a71f2aeffc488b4a79e0f13a5c 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.1mdv2009.1.i586.rpm
d82c899d917a0432093a95a7994f3212 2009.1/i586/apache-mod_cache-2.2.11-10.1mdv2009.1.i586.rpm
6286f9a46a5cf1c69389020f2b8f1ba9 2009.1/i586/apache-mod_dav-2.2.11-10.1mdv2009.1.i586.rpm
f84e50430736a059f89036436cf093d0 2009.1/i586/apache-mod_dbd-2.2.11-10.1mdv2009.1.i586.rpm
aa900c2245dda03318a50d1950466e70 2009.1/i586/apache-mod_deflate-2.2.11-10.1mdv2009.1.i586.rpm
d7613d9f701996918b2e612b2f9945ce 2009.1/i586/apache-mod_disk_cache-2.2.11-10.1mdv2009.1.i586.rpm
1584026aec3bb46e5a277d8c239d5cc4 2009.1/i586/apache-mod_file_cache-2.2.11-10.1mdv2009.1.i586.rpm
85c01c35c9a10050d03c83fab0cc7b07 2009.1/i586/apache-mod_ldap-2.2.11-10.1mdv2009.1.i586.rpm
dd3fe1449025622ee3bde812643c60cd 2009.1/i586/apache-mod_mem_cache-2.2.11-10.1mdv2009.1.i586.rpm
3786880d703cea5a5a5e035318b63918 2009.1/i586/apache-mod_proxy-2.2.11-10.1mdv2009.1.i586.rpm
b56fc78a2da3de576c685b641f8d620a 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.1mdv2009.1.i586.rpm
9cffd8c0587a34aa2d513aed57bccf07 2009.1/i586/apache-mod_ssl-2.2.11-10.1mdv2009.1.i586.rpm
47891fcaefd8f5b22ab707353f3b8192 2009.1/i586/apache-modules-2.2.11-10.1mdv2009.1.i586.rpm
0c3dcb4931fe01468275ec0e05a30595 2009.1/i586/apache-mod_userdir-2.2.11-10.1mdv2009.1.i586.rpm
7eb07e1ae40b4d790275a96da9c0c40b 2009.1/i586/apache-mpm-event-2.2.11-10.1mdv2009.1.i586.rpm
58b7e5edbee5510b2269ddbe051ea72a 2009.1/i586/apache-mpm-itk-2.2.11-10.1mdv2009.1.i586.rpm
4bfbe7ff2ee129eb7acceff9ae92223d 2009.1/i586/apache-mpm-peruser-2.2.11-10.1mdv2009.1.i586.rpm
4f282324726b702b83c101c718c6c5ce 2009.1/i586/apache-mpm-prefork-2.2.11-10.1mdv2009.1.i586.rpm
3bfc7be3fc27b1b1c488092c609b31e9 2009.1/i586/apache-mpm-worker-2.2.11-10.1mdv2009.1.i586.rpm
6acf6841d772e23440f83bd89ebf49ea 2009.1/i586/apache-source-2.2.11-10.1mdv2009.1.i586.rpm
1715fdb5dce7fd4b93c47c11e045d5ea 2009.1/SRPMS/apache-2.2.11-10.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
da7e1a2f61449581eb6472909c405554 2009.1/x86_64/apache-base-2.2.11-10.1mdv2009.1.x86_64.rpm
370cd6bc3b5dddbe096c292d6c64b2a8 2009.1/x86_64/apache-devel-2.2.11-10.1mdv2009.1.x86_64.rpm
0d40fd7ad65adf7ec4bce90d70b6cca1 2009.1/x86_64/apache-htcacheclean-2.2.11-10.1mdv2009.1.x86_64.rpm
43b68e253a37cd3c849a5611cafdd3f4 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.1mdv2009.1.x86_64.rpm
fdd3942faeb19f783522485602d02aa5 2009.1/x86_64/apache-mod_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
4b1582292c86fb24d3012b9ec01f6b33 2009.1/x86_64/apache-mod_dav-2.2.11-10.1mdv2009.1.x86_64.rpm
84f82788780a7a2143c47b902918b495 2009.1/x86_64/apache-mod_dbd-2.2.11-10.1mdv2009.1.x86_64.rpm
d8da90b82dad28ffb6d08a37a3801623 2009.1/x86_64/apache-mod_deflate-2.2.11-10.1mdv2009.1.x86_64.rpm
fb760b8890ced968acaae0c97e7ebe29 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
57508bfeff839917bd2840d88f1e7242 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
ec39a0800645bb3c2e70b6433f3be014 2009.1/x86_64/apache-mod_ldap-2.2.11-10.1mdv2009.1.x86_64.rpm
03b1273fec51287c89eb728320865413 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
a47cd7dafa57ae146f3ef62f152ed652 2009.1/x86_64/apache-mod_proxy-2.2.11-10.1mdv2009.1.x86_64.rpm
4cca6e597f9b42dc8df2d322abfef052 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.1mdv2009.1.x86_64.rpm
54b731a8732163081ef52005720bc10b 2009.1/x86_64/apache-mod_ssl-2.2.11-10.1mdv2009.1.x86_64.rpm
8574d616adb823ab1204b3175a6d187c 2009.1/x86_64/apache-modules-2.2.11-10.1mdv2009.1.x86_64.rpm
8da6f834e5dc5994acb5e21dde9db5ca 2009.1/x86_64/apache-mod_userdir-2.2.11-10.1mdv2009.1.x86_64.rpm
cc7b72ebb9cb262b8650a77e2d231454 2009.1/x86_64/apache-mpm-event-2.2.11-10.1mdv2009.1.x86_64.rpm
d44150c74bf7b5962942ef15b465e99f 2009.1/x86_64/apache-mpm-itk-2.2.11-10.1mdv2009.1.x86_64.rpm
c39db13bb76acb414c2baae91f9a1261 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.1mdv2009.1.x86_64.rpm
b32f61458288390688c852502b6e6a9b 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.1mdv2009.1.x86_64.rpm
a9433a9b6f4b84e9f22e7705e0addf35 2009.1/x86_64/apache-mpm-worker-2.2.11-10.1mdv2009.1.x86_64.rpm
e8546ef348460ceb6e71633621fe203c 2009.1/x86_64/apache-source-2.2.11-10.1mdv2009.1.x86_64.rpm
1715fdb5dce7fd4b93c47c11e045d5ea 2009.1/SRPMS/apache-2.2.11-10.1mdv2009.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ+tDlmqjQ0CJFipgRAq01AJ9Xlvt3Mwp4NAjlsIa8wxqBBDCAEgCg7PVt
lVg6vojqNkzklOdABMiZxLc=
=qVOR
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close