Package name
apache-mod_auth_mysql
Date
2009-08-01
Advisory ID
MDVSA-2009:189
Affected versions
2009.0 x86_64 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586

Problem description

A vulnerability has been found and corrected in mod_auth_mysql:

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql
(aka libapache2-mod-auth-mysql) module for the Apache HTTP Server
2.x allows remote attackers to execute arbitrary SQL commands via
multibyte character encodings for unspecified input (CVE-2008-2384).

This update provides fixes for this vulnerability.

Updated packages

2009.0 x86_64

 3095cb9c81915e594ec4109ca79cc6b7  2009.0/x86_64/apache-mod_auth_mysql-3.0.0-17.1mdv2009.0.x86_64.rpm 
 5e32f9eceb68760512a08343b680d87f  2009.0/SRPMS/apache-mod_auth_mysql-3.0.0-17.1mdv2009.0.src.rpm

2009.0 i586

 2449a104b728fa046695fc275f8e12a6  2009.0/i586/apache-mod_auth_mysql-3.0.0-17.1mdv2009.0.i586.rpm 
 5e32f9eceb68760512a08343b680d87f  2009.0/SRPMS/apache-mod_auth_mysql-3.0.0-17.1mdv2009.0.src.rpm

CS4.0 i586

 0a81210d2ed08e9687635f38f23b67f3  corporate/4.0/i586/apache-mod_auth_mysql-3.0.0-5.1.20060mlcs4.i586.rpm 
 65550cc56b4e9f808119c0de2ebaec47  corporate/4.0/SRPMS/apache-mod_auth_mysql-3.0.0-5.1.20060mlcs4.src.rpm

CS4.0 x86_64

 86e8313568d27765f1968f5e29cff658  corporate/4.0/x86_64/apache-mod_auth_mysql-3.0.0-5.1.20060mlcs4.x86_64.rpm 
 65550cc56b4e9f808119c0de2ebaec47  corporate/4.0/SRPMS/apache-mod_auth_mysql-3.0.0-5.1.20060mlcs4.src.rpm

2008.1 x86_64

 e0ef6a82166a4c51c73df1a123cadc55  2008.1/x86_64/apache-mod_auth_mysql-3.0.0-15.1mdv2008.1.x86_64.rpm 
 c593e9a6de76eb26171d0a1a761be234  2008.1/SRPMS/apache-mod_auth_mysql-3.0.0-15.1mdv2008.1.src.rpm

2008.1 i586

 8fad04a01d1c8f81341281d22cb15631  2008.1/i586/apache-mod_auth_mysql-3.0.0-15.1mdv2008.1.i586.rpm 
 c593e9a6de76eb26171d0a1a761be234  2008.1/SRPMS/apache-mod_auth_mysql-3.0.0-15.1mdv2008.1.src.rpm

References