Paketname
apache2-mod_auth_pgsql
Datum
2006-01-06
Advisory ID
MDKSA-2006:009
Betroffene Versionen
2006.0 i586 , 10.2 i586 , 10.1 i586 , 10.2 x86_64 , 2006.0 x86_64 , 10.1 x86_64

Problembeschreibung

iDefense discovered several format string vulnerabilities in the way
that mod_auth_pgsql logs information which could potentially be used
by a remote attacker to execute arbitrary code as the apache user if
mod_auth_pgsql is used for user authentication.

The provided packages have been patched to prevent this problem.

Aktualisierte Pakete

2006.0 i586

 abe116d3afce2e1dd6c29a4a922ecf0a  2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.i586.rpm
 c6755d865f6de4cf51a9f6918798aafc  2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm

10.2 i586

 477fd516e48926f13a66cc0a92366598  10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.i586.rpm
 12baf2fcd6739141f29c4f6000f83e28  10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

10.1 i586

 5fd1e2329146f2c03845fe516acaa123  10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.i586.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

10.2 x86_64

 7d5ba837da8f1681587c431fe219f9fa  x86_64/10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.x86_64.rpm
 12baf2fcd6739141f29c4f6000f83e28  x86_64/10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

2006.0 x86_64

 a8e95a35a1eda50cc392193496c15721  x86_64/2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.x86_64.rpm
 c6755d865f6de4cf51a9f6918798aafc  x86_64/2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm

10.1 x86_64

 631ed3b26fddd6f5198d4a33aa31326c  x86_64/10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.x86_64.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  x86_64/10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

Referenzen