-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2007:127
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apache
Date    : June 19, 2007
Affected: 2007.1
_______________________________________________________________________

Problem Description:

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data. Unauthorized users
could use this to obtain potentially sensitive information.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGeEF1mqjQ0CJFipgRAk70AKCVARB8sDsHXzyCteiUrQNB4C6HfACgsedy
uzvbMIjWDoMk04wQB/HLLmM=
=4Juv
-----END PGP SIGNATURE-----
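
The problem description above names a header copy that does not reach all levels. The following is an added example, not Apache's code and not part of the advisory: a minimal model of that failure mode, in which a copy duplicates only the entry array and leaves value strings aliased to the cache, set beside a copy that duplicates every level. The names table_t, recall_shallow, recall_deep and all header values are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define VAL_MAX 64
typedef struct { const char *name; char *value; } hdr_t;  /* value: VAL_MAX bytes */
typedef struct { size_t n; hdr_t *e; } table_t;

static void *xmalloc(size_t n) { void *p = malloc(n); if (!p) abort(); return p; }

/* Top level only: new entry array, value pointers still alias the cache. */
static table_t recall_shallow(const table_t *cached) {
    table_t t = { cached->n, xmalloc(cached->n * sizeof(hdr_t)) };
    memcpy(t.e, cached->e, cached->n * sizeof(hdr_t));
    return t;
}

/* All levels: every value string gets its own private buffer. */
static table_t recall_deep(const table_t *cached) {
    table_t t = recall_shallow(cached);
    for (size_t i = 0; i < t.n; i++) {
        t.e[i].value = xmalloc(VAL_MAX);
        memcpy(t.e[i].value, cached->e[i].value, VAL_MAX);
    }
    return t;
}

static void release(table_t *t, int deep) {
    if (deep) {
        for (size_t i = 0; i < t->n; i++) free(t->e[i].value);
    }
    free(t->e);
}

/* Request A recalls the cached headers and rewrites one value in place;
 * request B then recalls the same entry. Returns 1 if B sees the original. */
static int second_request_sees_original(int deep) {
    char stored[VAL_MAX] = "text/html";                 /* constructed value */
    hdr_t entry = { "Content-Type", stored };
    table_t cache = { 1, &entry };

    table_t a = deep ? recall_deep(&cache) : recall_shallow(&cache);
    strcpy(a.e[0].value, "request-A-private-data");     /* constructed value */
    release(&a, deep);

    table_t b = deep ? recall_deep(&cache) : recall_shallow(&cache);
    int ok = strcmp(b.e[0].value, "text/html") == 0;
    release(&b, deep);
    return ok;
}

int main(void) {  /* exit status 0: shallow copy leaks, deep copy does not */
    return !(second_request_sees_original(0) == 0 &&
             second_request_sees_original(1) == 1);
}
```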