Support / Security / Advisories / Mandriva Linux 2011 / MDVSA-2011:130-1

Package name: apache
Date: 2011-09-17
Advisory ID: MDVSA-2011:130-1
Affected versions: 2011 i586 , 2011 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in apache:

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through
2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a
denial of service (memory and CPU consumption) via a Range header
that expresses multiple overlapping ranges, as exploited in the
wild in August 2011, a different vulnerability than CVE-2007-0086
(CVE-2011-3192).

The updated packages have been patched to correct this issue.

Update:

Packages for Mandriva Linux 2011 is now being provided as well. Enjoy!

* apache has been upgraded to the latest version (2.2.21) for 2011

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21,
when used with mod_proxy_balancer in certain configurations, allows
remote attackers to cause a denial of service (temporary error state
in the backend server) via a malformed HTTP request (CVE-2011-3348).

Updated packages

2011 i586

 5c4825e4c63b4a06c68a5fd81517de71  2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm
 b5a00191b27804f9735643cdcd704b19  2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm
 49defd7efbb4a37ec49c01c7ef9c64aa  2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm
 a023e40689777630df036eae1a84a475  2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm
 f03744bb74a3e0872cb08465799c3ee1  2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm
 bb9efa66089deef66f9434b813d41a95  2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm
 bb334eb7fe43927ba7c6c9196b4e1fd1  2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 086b5ed82c064b16964fff70bf9c841e  2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm
 115008b2471e10ea01689dafe5c46bcd  2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm
 6b686ec6612ff8740d1e482faa06c544  2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm
 8c8f14074bc0dbbeb2b3890611f95c6b  2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 b03569edc20c9393e0b5eea09f590368  2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 343703d3822a6757e000edeebe7e0a06  2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm
 3457011403525d40e525716c4da8e477  2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm
 3d060145b3665ca4c0b309f812af9370  2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm
 a0e00b0610eb5a8c5c57afabeafc07f8  2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm
 dd4bb38bbc2997ca398fb37225eca371  2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm
 2966cdfddf02fa32447711af6a3046dd  2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm
 48774d9c282dc476f35a0c8b2e821a7f  2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm
 7b832f85bd258abf0c7abb161f4028b4  2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm
 1c6b93eaa5b27477989bf82ea9a63685  2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm
 1e7dc0ee3fafae8a786be0cc164ebe4a  2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm
 ab2d074f2dfe57a64b022d4e6b8254ab  2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm
 a22debf09366b64e236965a4091009e9  2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm
 174aed4327491b83f147f3b4e76bcd1f  2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm
 e141881c27496e7e74ad7f3f566a1bd2  2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm
 97893069a3d6eb73e3773bc0ee78c9a4  2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm
 fe530e2da15b3e0bf14c617824ff82c9  2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm 
 4376094cd799523a1a7666f4e768707d  2011/SRPMS/apache-2.2.21-0.1.src.rpm
 b37e2a1dafb6883a10cefb4140e9635e  2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm
 d83c587ad4d56a31362f67334bbf9455  2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm
 0b4a145fd5ff8c11a53956f750cdbd42  2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm

2011 x86_64

 8837c56966896e10d3403956e7cf86ac  2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm
 aec6da25319585e53623471734f99c57  2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm
 e8600455214ad4f2303d9f36576e4952  2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm
 90694f3211fca3d436ec4130b8bb43e2  2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm
 fd3f6a51c8abf8b1ff8356489ba6d6e1  2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm
 796c8129bbc160455587bc54c58c2220  2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm
 61add54b6e0c8306dff065a150b262e2  2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 cb98169c29008c256662f3a08141bf95  2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm
 5aa03ee54a7e40d41fd746fd1a223c72  2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm
 386a956f014fe2d64dfe38fc261abd39  2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm
 5a473bc45fa59323c4d526dd4f5a30d3  2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 aaa544f7a4912c161a2c73e222ae87d6  2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 f04054edc62a24ea9042c5b41074bd1d  2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm
 1c97f63c1169f483d086a94b97f5c421  2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
 ca912c34fec5cf470947a7f87e9705a4  2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm
 b5ae70a8ed412e40275b4de7b639caa0  2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm
 6b11b032c13277712c336405ea23a8b0  2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm
 874a420342f1ea9278e014b79fe5a337  2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm
 2757b3d7c8261563e22c41d3f94aaa29  2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm
 6edbc6963aab9beee507f9a3c8be38a2  2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm
 fe6143eaa1acc0de751198ea19129279  2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm
 3e66fa1e1e2cf243c1c6472243cb86fe  2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm
 7d45bfd7d3aa87d45d2287fdd9507847  2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm
 bce9e2cdffe45cbc4baf72f0d0c4000e  2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm
 217bd96dfa802f7d049b6fd12600b154  2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm
 cc304b9011d16d7f3cf5c8250e4d9f18  2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm
 a8bb9b62c39f98a6df728d51a4fff39a  2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm
 7d41c857be2574ac5f3ea7090a1f3c78  2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm 
 4376094cd799523a1a7666f4e768707d  2011/SRPMS/apache-2.2.21-0.1.src.rpm
 b37e2a1dafb6883a10cefb4140e9635e  2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm
 d83c587ad4d56a31362f67334bbf9455  2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm
 0b4a145fd5ff8c11a53956f750cdbd42  2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm

MDVSA-2011:130-1

Problem description

Updated packages

2011 i586

2011 x86_64

References