MDKSA-2006:007

Package name

apache2

Date

2006-01-05

Advisory ID

MDKSA-2006:007

Affected versions

2006.0 i586 , 10.2 i586 , 10.1 i586 , 10.2 x86_64 , 2006.0 x86_64 , 10.1 x86_64

Problem description

A flaw was discovered in mod_imap when using the Referer directive with
image maps that could be used by a remote attacker to perform a cross-
site scripting attack, in certain site configurations, if a victim
could be forced to visit a malicious URL using certain web browsers
(CVE-2005-3352).

Also, a NULL pointer dereference flaw was found in mod_ssl that affects
server configurations where an SSL virtual host was configured with
access controls and a custom 400 error document. This could allow a
remote attacker to send a carefully crafted request to trigger the
issue and cause a crash, but only with the non-default worker MPM
(CVE-2005-3357).

The provided packages have been patched to prevent these problems.

Updated packages

2006.0 i586

 698cc58241479ed3420b7ea05e004caf  2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.i586.rpm
 50b24b5c0b57d8855b12b1df63907a55  2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.i586.rpm
 d45773a5afbd7e95b8fbf4a5742d7421  2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.i586.rpm
 1ed0c6065f7ff959fff70886994db98c  2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.i586.rpm
 11cdcc4a223fdd3d451c17394a4ab19f  2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.i586.rpm
 77554cf3457a32465a9977b51f0f8089  2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.i586.rpm
 d39cefb6075e3de9c459aa97774cd1c0  2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.i586.rpm
 46246bc1f89e93a8cd317079052cad8b  2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.i586.rpm
 6059a50db5752ade252619303d179ac9  2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.i586.rpm
 52eb38740e1753591a2efe1f165c9a52  2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.i586.rpm
 c58f95e19b34e5fffaacec10e999c614  2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.i586.rpm
 08d836daa888cd101f00c562931d1d96  2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.i586.rpm
 fcbf7783e8a0959b78308bc0fcb28c66  2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.i586.rpm
 44577d0be1ea6dd781310dc6d82b8357  2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.i586.rpm
 2c7c4b9e077fa21d3be5379feb4a1bf5  2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.i586.rpm
 b5194b3fdc57e710f671695a003d7a86  2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.i586.rpm
 c15e6970096ec90359fb5f950838c361  2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.i586.rpm
 f55dcf60da3a4e0bc6a9c7c22f153e32  2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
 377a0a4c5813cca0cfd1ec6c1be57964  2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm

10.2 i586

 a333c0076408d381172729a3931b17a3  10.2/RPMS/apache2-2.0.53-9.4.102mdk.i586.rpm
 7e566b7644bfe3bbb1303f0e37cb628f  10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.i586.rpm
 ccd22632bbf16a56a84da384b5305129  10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.i586.rpm
 70a1d15adde5528d7b0f665a3ff417fa  10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.i586.rpm
 493f14509e35e304ddac110c3cddf35e  10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.i586.rpm
 794dddbfe413f7164404a2796c563af6  10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.i586.rpm
 9e99b957feb9c25266783d73a6cead4e  10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.i586.rpm
 bbea1ff737de001b9e8824ade6464c66  10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.i586.rpm
 df8f7bc21c3c093004af7d6e64d83353  10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.i586.rpm
 e206646de8e097a4ddc077592eec6ac2  10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.i586.rpm
 264d47c6eaae58b7b919926571f0813b  10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.i586.rpm
 5bbdc04926add1d2e0ee25cd84b08416  10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.i586.rpm
 9812f26d7fc8a7f78fadb5d8d2e4dc76  10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.i586.rpm
 c944feb9397c469b029a047aca7fe907  10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.i586.rpm
 dc00d356dad2e8859e526b10435376e8  10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.i586.rpm
 364990940ed6e5c3db23fc8fc1cb88e1  10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.i586.rpm
 ed7da603004ed00a9c31c7b2e5740de8  10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.i586.rpm
 c27d53f234ab8c96a69c9c275c6f1f0a  10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
 2c26a3a648da8cfd2e4bde1c9bc750f0  10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm

10.1 i586

 99d7e03e08f46bb8d2c6246cccc7f03a  10.1/RPMS/apache2-2.0.50-7.6.101mdk.i586.rpm
 7338a879c51aad4c89484443c2b806ce  10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.i586.rpm
 e016511ca52a8afe34438d8262207768  10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.i586.rpm
 bdebdafd3768e26c0d58ad1fc6cae9ff  10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.i586.rpm
 b9f4c1a36d9e89f41de503b0f8428719  10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.i586.rpm
 7b6411056d388050ef4c98d3c1de3e24  10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.i586.rpm
 fd87e01a054073ab1a1ef9de5bb3ac54  10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.i586.rpm
 ecf73bf07822403bbae9c453adad28b3  10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.i586.rpm
 7174d7461248d61ae8294406937482f3  10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.i586.rpm
 daa7a98f93d00a64bb0a7a52324471cd  10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.i586.rpm
 68ee307aedbe6af498d87fe112f835dc  10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.i586.rpm
 610525fcf03a696c50192991d0a28c9b  10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.i586.rpm
 5a2d76582859bc52306c6f22725f2ab7  10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.i586.rpm
 1749b95a9ad45825cb085f82144794df  10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.i586.rpm
 55a3abf1039dfb0c4d547685b3605fd4  10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.i586.rpm
 e7e0c2080af16bc3215ff67a841f6323  10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.i586.rpm
 50bb5f9723f0146fe82d312f7fbeb2cf  10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
 21c1f068fe82b86e3396b37f7ec96782  10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm

10.2 x86_64

 0fcbb0c7eb9cef2036620ed5c11fbf6f  x86_64/10.2/RPMS/apache2-2.0.53-9.4.102mdk.x86_64.rpm
 3d102f0fa1141027d29630ea6411ce5a  x86_64/10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.x86_64.rpm
 ccaa8d4880ea65e7719eee95aa7b90c9  x86_64/10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.x86_64.rpm
 fafc80a0e194e93bd953dcdee0720818  x86_64/10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.x86_64.rpm
 26687c7bfe86b91b42dc07613df73fee  x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.x86_64.rpm
 077b06db86a6ab2196438b15aaa31759  x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.x86_64.rpm
 ae41f94f76bff884bd2486de55458baf  x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.x86_64.rpm
 6a8189940aa47a10818d9bd719fcc692  x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.x86_64.rpm
 6621cd9d22659033024dcdb02c7e52ba  x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.x86_64.rpm
 1fb8e1694f110fd3d1c6dccf876bf41c  x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.x86_64.rpm
 91d3a68b8b932631b29476a7a146abfe  x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.x86_64.rpm
 adb92885445936c836bc7f13361a90a5  x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.x86_64.rpm
 15e330d09dacde2f4fe20416bc7ecff4  x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.x86_64.rpm
 ee60914821883fdbca75ec50b9536929  x86_64/10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.x86_64.rpm
 67ef23ffa11a16c85677d00f92bfec5e  x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.x86_64.rpm
 b0a16af065114c3a0331c7e3e992153a  x86_64/10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.x86_64.rpm
 aa7123321a5aef41c57d9669fa600909  x86_64/10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.x86_64.rpm
 c27d53f234ab8c96a69c9c275c6f1f0a  x86_64/10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
 2c26a3a648da8cfd2e4bde1c9bc750f0  x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm

2006.0 x86_64

 19f2682c0c8ea82d5d053057ebbea331  x86_64/2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.x86_64.rpm
 3b74fc5aef89568e65f512a52056d98c  x86_64/2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.x86_64.rpm
 0573fef90fc16c5507371b57b78b8163  x86_64/2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.x86_64.rpm
 2322bbe1b74c5ff49d54cc68839e86ce  x86_64/2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.x86_64.rpm
 e318276c19d2d08fafe6f838b459f214  x86_64/2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.x86_64.rpm
 109e024c0fc738fd04336f9fe640a704  x86_64/2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.x86_64.rpm
 bec4ad366bf9a556387f36bd4586ee1f  x86_64/2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.x86_64.rpm
 aa3de6fb4e051150b8c7afee465ac079  x86_64/2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.x86_64.rpm
 7ee80c338ffee9b2e4bcf942a5b4684a  x86_64/2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.x86_64.rpm
 65da37880faf3811a35ba596fab84245  x86_64/2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.x86_64.rpm
 17be071c0d39a17f0f6d4c9ddf051c42  x86_64/2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.x86_64.rpm
 b913963f3ffafce4ddf9d87187f5ccf8  x86_64/2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.x86_64.rpm
 faf591ab4124eedd3b7121595035087a  x86_64/2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.x86_64.rpm
 533dff0067505fc71673a112719a3891  x86_64/2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.x86_64.rpm
 3ea58408fb222e88d7b819967ec5ecf7  x86_64/2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.x86_64.rpm
 e2dbb1c9a18e5766a08adc3ddb4f1fb6  x86_64/2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.x86_64.rpm
 aa027a7ca0870145495edc79c9e3f7cb  x86_64/2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.x86_64.rpm
 f55dcf60da3a4e0bc6a9c7c22f153e32  x86_64/2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
 377a0a4c5813cca0cfd1ec6c1be57964  x86_64/2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm

10.1 x86_64

 43085852f7b6e5a55e4220cbd6493b74  x86_64/10.1/RPMS/apache2-2.0.50-7.6.101mdk.x86_64.rpm
 2715904b29d6433d25f6ea35715d5484  x86_64/10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.x86_64.rpm
 71828de67a3c26f4061eeebef8e6de2b  x86_64/10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.x86_64.rpm
 d37b18f9791c65466e5fafdf0287720e  x86_64/10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.x86_64.rpm
 088b8334c6efef6f17a1602be41b6045  x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.x86_64.rpm
 9326eca120d7ac3e71337bad1f85fef0  x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.x86_64.rpm
 36818cef250fc94d074f0fc0f2c6d8c7  x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.x86_64.rpm
 63d37c81fe0b48ccd91d79e4c90dd5ec  x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.x86_64.rpm
 f7daa039d6878f063ca97468d9328fa8  x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.x86_64.rpm
 13e394bc675d106270fe8fca27f7acbd  x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.x86_64.rpm
 8b1fd1bd22e33a25be158b7e152aba60  x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.x86_64.rpm
 f88328582773c7129bf2a341d9cb88db  x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.x86_64.rpm
 62170db76a317250d37884dfd07e3f1c  x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.x86_64.rpm
 eeedff56c6e4f15df683f9c98f0c7e8c  x86_64/10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.x86_64.rpm
 aedf2f9b3ab9b65889546ce8dddb7930  x86_64/10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.x86_64.rpm
 99a1557b76f495547ada02c17044b472  x86_64/10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.x86_64.rpm
 50bb5f9723f0146fe82d312f7fbeb2cf  x86_64/10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
 21c1f068fe82b86e3396b37f7ec96782  x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357