Mandriva Linux Security Advisory 2009-124-1 - Multiple vulnerabilities have been found and corrected in apache. These include a cross site scripting vulnerability in proxy_ftp.c in the mod_proxy_ftp module, a memory leak relating to OpenSSL, and a local privilege escalation issue.
56ee9412c82555f204ae170fef4f805a84fed41592ffff62069451dc7851f636
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:124-1
https://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : July 8, 2009
Affected: 2008.1
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
cause a denial of service (memory consumption) via multiple calls, as
demonstrated by initial SSL client handshakes to the Apache HTTP Server
mod_ssl that specify a compression algorithm (CVE-2008-1678). Note
that this security issue does not really apply as zlib compression
is not enabled in the openssl build provided by Mandriva, but apache
is patched to address this issue anyway (conserns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c
in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
allows remote attackers to inject arbitrary web script or HTML via
wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this
security issue was initially addressed with MDVSA-2008:195 but the
patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not
properly handle Options=IncludesNOEXEC in the AllowOverride directive,
which allows local users to gain privileges by configuring (1) Options
Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a
.htaccess file, and then inserting an exec element in a .shtml file
(CVE-2009-1195).
This update provides fixes for these vulnerabilities.
Update:
The patch for fixing CVE-2009-1195 for Mandriva Linux 2008.1 was
incomplete, this update addresses the problem.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
d7522600c193783ccb5f41447175a331 2008.1/i586/apache-base-2.2.8-6.4mdv2008.1.i586.rpm
9ca131724b9fd905f7ac864d4511b459 2008.1/i586/apache-devel-2.2.8-6.4mdv2008.1.i586.rpm
e7750b82d83fdd68225f663679ac4460 2008.1/i586/apache-htcacheclean-2.2.8-6.4mdv2008.1.i586.rpm
e28b73346363d5183bf43b9a894703eb 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.4mdv2008.1.i586.rpm
03d7b234afa3a83f04fd2dd951359961 2008.1/i586/apache-mod_cache-2.2.8-6.4mdv2008.1.i586.rpm
506e31a2a592818cb6b9ca9417902562 2008.1/i586/apache-mod_dav-2.2.8-6.4mdv2008.1.i586.rpm
1f79c942c9f477eb7af43fa0bbf7f75d 2008.1/i586/apache-mod_dbd-2.2.8-6.4mdv2008.1.i586.rpm
942abf88d6fa0b73b587c3cf2920c55b 2008.1/i586/apache-mod_deflate-2.2.8-6.4mdv2008.1.i586.rpm
d3b92574868f79d02a5189fdcd6df425 2008.1/i586/apache-mod_disk_cache-2.2.8-6.4mdv2008.1.i586.rpm
cf6ce38ae0f100a35e39fb3b09be7507 2008.1/i586/apache-mod_file_cache-2.2.8-6.4mdv2008.1.i586.rpm
c5ed7754beb38dd51b68bbd6604a0ca9 2008.1/i586/apache-mod_ldap-2.2.8-6.4mdv2008.1.i586.rpm
9d29c79f0b889aeca78c7b426073cd3e 2008.1/i586/apache-mod_mem_cache-2.2.8-6.4mdv2008.1.i586.rpm
84a1b51f4d8be06ab763bb95b572909f 2008.1/i586/apache-mod_proxy-2.2.8-6.4mdv2008.1.i586.rpm
78723bd3586753bcb37ac83a9f8449f7 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.4mdv2008.1.i586.rpm
5418461f01217d6567ce4cc27e8b95bf 2008.1/i586/apache-mod_ssl-2.2.8-6.4mdv2008.1.i586.rpm
439787696a120705c0b79ac7f8a5c538 2008.1/i586/apache-modules-2.2.8-6.4mdv2008.1.i586.rpm
8275595502f0ad78166b8d060e2d9b3c 2008.1/i586/apache-mod_userdir-2.2.8-6.4mdv2008.1.i586.rpm
0b3edd8559484552cdad948faef19203 2008.1/i586/apache-mpm-event-2.2.8-6.4mdv2008.1.i586.rpm
1fa2b3101a3b34c2d0f9fc817bc1a1df 2008.1/i586/apache-mpm-itk-2.2.8-6.4mdv2008.1.i586.rpm
2b6e72b32712a335b1678f492842d2fc 2008.1/i586/apache-mpm-prefork-2.2.8-6.4mdv2008.1.i586.rpm
3c1e840a0fa813e1057effba641959b7 2008.1/i586/apache-mpm-worker-2.2.8-6.4mdv2008.1.i586.rpm
043d5127cea48a3eeab8faa4875cf084 2008.1/i586/apache-source-2.2.8-6.4mdv2008.1.i586.rpm
da999274b381e43a575829d178c8bf6d 2008.1/SRPMS/apache-2.2.8-6.4mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
30fbbec5b54767fb1163d24a85caa017 2008.1/x86_64/apache-base-2.2.8-6.4mdv2008.1.x86_64.rpm
8998a37f170228812f7335a6d1c137ed 2008.1/x86_64/apache-devel-2.2.8-6.4mdv2008.1.x86_64.rpm
e0a8fbfe76fa2c8cb16ef4726155bf0b 2008.1/x86_64/apache-htcacheclean-2.2.8-6.4mdv2008.1.x86_64.rpm
a8bfb98f0354d15b1e5b33df2a06079a 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.4mdv2008.1.x86_64.rpm
97ce6d10fea3d251f0a1a6038dcc04e3 2008.1/x86_64/apache-mod_cache-2.2.8-6.4mdv2008.1.x86_64.rpm
efe82f8b6e60ab89bb6a043bebd47973 2008.1/x86_64/apache-mod_dav-2.2.8-6.4mdv2008.1.x86_64.rpm
7acf0e9e13cd0a442c32dc33427569e5 2008.1/x86_64/apache-mod_dbd-2.2.8-6.4mdv2008.1.x86_64.rpm
71a503f117bebfda8db53b929499b6d8 2008.1/x86_64/apache-mod_deflate-2.2.8-6.4mdv2008.1.x86_64.rpm
098266a9b737c0aa974e9818bc843531 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.4mdv2008.1.x86_64.rpm
2d90465f7a75a794bf333129b8e105c7 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.4mdv2008.1.x86_64.rpm
6778a8746ba0b543dc3aebdab9fc6f08 2008.1/x86_64/apache-mod_ldap-2.2.8-6.4mdv2008.1.x86_64.rpm
2a9d64c016f1beb2ccbbd5c5b9e0b8df 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.4mdv2008.1.x86_64.rpm
3777616f0f0771c96921b83af29c9fa8 2008.1/x86_64/apache-mod_proxy-2.2.8-6.4mdv2008.1.x86_64.rpm
657dfd4b249cb59834957373acca4f89 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.4mdv2008.1.x86_64.rpm
e05f1450a507379bd4f394f739e0fc60 2008.1/x86_64/apache-mod_ssl-2.2.8-6.4mdv2008.1.x86_64.rpm
1832c96d6d0a1bff8bc84f7463f92ccf 2008.1/x86_64/apache-modules-2.2.8-6.4mdv2008.1.x86_64.rpm
ef96e999154ac771c47e760a7a978460 2008.1/x86_64/apache-mod_userdir-2.2.8-6.4mdv2008.1.x86_64.rpm
0312ba63abb5816f8077a14b201ee989 2008.1/x86_64/apache-mpm-event-2.2.8-6.4mdv2008.1.x86_64.rpm
0fc10dbdcc127018954280312e6ddd2b 2008.1/x86_64/apache-mpm-itk-2.2.8-6.4mdv2008.1.x86_64.rpm
1178cf5ee9c13d0320f8d334707240f7 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.4mdv2008.1.x86_64.rpm
b52a6d91a14cfda1080af5fe16cbb479 2008.1/x86_64/apache-mpm-worker-2.2.8-6.4mdv2008.1.x86_64.rpm
909f1aeafcf101c0af655c13809731d6 2008.1/x86_64/apache-source-2.2.8-6.4mdv2008.1.x86_64.rpm
da999274b381e43a575829d178c8bf6d 2008.1/SRPMS/apache-2.2.8-6.4mdv2008.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKU9d5mqjQ0CJFipgRAlzsAJ0Zpu0rH8JBOfgOJFqA9Tl3H1eJTwCfeA+M
+JKiXIAM+zbCDRymCVguXjo=
=66R9
-----END PGP SIGNATURE-----