- Advisory ID
- Betroffene Versionen
- 6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586
The Apache web server comes with a module called mod_rewrite which is used to rewrite URLs presented by the client prior to further processing. There is a flaw in the mod_rewrite logic that allows an attacker to view arbitrary files on the server system if they contain regular expression references. All Linux-Mandrake users using Apache are encouraged to upgrade to these updated versions that fix this flaw. The Apache package for 7.1 had a problem with improper permissions on the suexec wrapper which prevented it from running if the apache-suexec package was installed. As well, the uninstall script would exit with errors. Both issues are fixed. The new md5 checksums are listed below. Update: The permissions on the -14mdk apache-suexec package were still incorrect. While some CGI scripts would perform, others would not due to the permissions being 4700 and not 4711. The -15mdk RPMs for 7.1 fix this issue.
890f342e3d33a73978b9ec60d53f3c54 6.1/RPMS/apache-1.3.9-8mdk.i586.rpm 4308ebc3b5c496b74173d0af0cb43de9 6.1/RPMS/apache-devel-1.3.9-8mdk.i586.rpm 6fea96bb3c5e6696a2322134d6245937 6.1/SRPMS/apache-1.3.9-8mdk.src.rpm
77fa37ac213493d94f5817f93710cbb8 6.0/RPMS/apache-1.3.6-29mdk.i586.rpm 8c51afd87ab8be5b08bc2d02fdc37298 6.0/RPMS/apache-devel-1.3.6-29mdk.i586.rpm ec94ecd38c6a33dc5c77f7cf323d4791 6.0/SRPMS/apache-1.3.6-29mdk.src.rpm
094ae1b8764bd6c71519fe051b735e21 7.0/RPMS/apache-1.3.9-18mdk.i586.rpm dc298d04f25fe4f5a895e898606b8551 7.0/RPMS/apache-devel-1.3.9-18mdk.i586.rpm 7fe54f76cf8f5b46d35ba44944783811 7.0/RPMS/apache-suexec-1.3.9-18mdk.i586.rpm c0eeda6da43ac82e2625950738287183 7.0/SRPMS/apache-1.3.9-18mdk.src.rpm
6733773bb495b2095eae6670dc40c1a8 7.1/RPMS/apache-1.3.12-15mdk.i586.rpm 6de0327248be26c363bb5bb32a8d7530 7.1/RPMS/apache-devel-1.3.12-15mdk.i586.rpm 1bdbee39947ed25e99af77486eadeee0 7.1/RPMS/apache-suexec-1.3.12-15mdk.i586.rpm 971578db71afb0474a7c41ccdc2b5d2c 7.1/SRPMS/apache-1.3.12-15mdk.src.rpm