Mandriva Linux Security Advisory 2010-153

Posted Aug 17, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-153 - The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service via a request that lacks a path. mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.

tags | advisory, remote, web, denial of service
systems | linux, unix, mandriva
advisories | CVE-2010-1452, CVE-2010-2791
MD5 | 212308e468d40ad73c1e17b0a36f2806

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:153
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apache
Date : August 16, 2010
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in apache:

The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x
before 2.2.16 allow remote attackers to cause a denial of service
(process crash) via a request that lacks a path (CVE-2010-1452).

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix,
does not close the backend connection if a timeout occurs when reading
a response from a persistent connection, which allows remote attackers
to obtain a potentially sensitive response intended for a different
client in opportunistic circumstances via a normal HTTP request.
NOTE: this is the same issue as CVE-2010-2068, but for a different
OS and set of affected versions (CVE-2010-2791).

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2791
http://httpd.apache.org/security/vulnerabilities_22.html
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMaTSHmqjQ0CJFipgRAtoCAJ9BGN6CAncvlMzNDaRADUpkjPp7uACg7Mpx
rElFxWU84znmOrOERj6iHh8=
=oTXe
-----END PGP SIGNATURE-----
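
The mod_proxy behaviour described in the advisory above (CVE-2010-2791), as an added illustration that is not part of the advisory and is not Apache's code: a constructed toy model of a proxy that reuses one persistent backend connection, run once without and once with closing that connection after a read timeout. The names `BackendConn`, `Proxy`, `alice` and `bob` are hypothetical.

```python
from collections import deque


class BackendConn:
    """Constructed stand-in for one persistent backend connection."""

    def __init__(self):
        self.pending = deque()  # responses arrive in request order
        self.closed = False

    def send(self, client, path, slow=False):
        self.pending.append({"body": f"response for {client} {path}", "slow": slow})

    def recv(self):
        resp = self.pending[0]
        if resp["slow"]:
            # The backend answers only after the proxy has stopped waiting;
            # the late response stays buffered on this connection.
            resp["slow"] = False
            raise TimeoutError
        return self.pending.popleft()["body"]


class Proxy:
    def __init__(self, close_on_timeout):
        self.close_on_timeout = close_on_timeout
        self.conn = BackendConn()
        self.opened = 1  # number of backend connections opened so far

    def handle(self, client, path, slow=False):
        self.conn.send(client, path, slow)
        try:
            return self.conn.recv()
        except TimeoutError:
            if self.close_on_timeout:
                # Modelled corrected behaviour: drop the connection so the
                # late response can never be read by a later request.
                self.conn.closed = True
                self.conn = BackendConn()
                self.opened += 1
            return "502 Proxy Error"


def run(close_on_timeout):
    proxy = Proxy(close_on_timeout)
    first = proxy.handle("alice", "/account", slow=True)  # times out
    second = proxy.handle("bob", "/index.html")           # next normal request
    return first, second, proxy.opened


if __name__ == "__main__":
    print("connection kept after timeout:  ", run(False))
    print("connection closed after timeout:", run(True))
```

With the connection kept, the second client receives the response that was generated for the first; with it closed, each response stays paired with its own request at the cost of one extra backend connection.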
