MDKSA-2000:060-1

Package name

apache

Date

2000-10-18

Advisory ID

MDKSA-2000:060-1

Affected versions

6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

The Apache web server comes with a module called mod_rewrite which is used to rewrite URLs presented by the client prior to further processing. There is a flaw in the mod_rewrite logic that allows an attacker to view arbitrary files on the server system if they contain regular expression references. All Linux-Mandrake users using Apache are encouraged to upgrade to these updated versions that fix this flaw. Update: The Apache package for 7.1 had a problem with improper permissions on the suexec wrapper which prevented it from running if the apache-suexec package was installed. As well, the uninstall script would exit with errors. Both issues are fixed. The new md5 checksums are listed below.

Updated packages

6.1 i586

 890f342e3d33a73978b9ec60d53f3c54  6.1/RPMS/apache-1.3.9-8mdk.i586.rpm
4308ebc3b5c496b74173d0af0cb43de9  6.1/RPMS/apache-devel-1.3.9-8mdk.i586.rpm
6fea96bb3c5e6696a2322134d6245937  6.1/SRPMS/apache-1.3.9-8mdk.src.rpm

6.0 i586

 77fa37ac213493d94f5817f93710cbb8  6.0/RPMS/apache-1.3.6-29mdk.i586.rpm
8c51afd87ab8be5b08bc2d02fdc37298  6.0/RPMS/apache-devel-1.3.6-29mdk.i586.rpm
ec94ecd38c6a33dc5c77f7cf323d4791  6.0/SRPMS/apache-1.3.6-29mdk.src.rpm

7.0 i586

 094ae1b8764bd6c71519fe051b735e21  7.0/RPMS/apache-1.3.9-18mdk.i586.rpm
dc298d04f25fe4f5a895e898606b8551  7.0/RPMS/apache-devel-1.3.9-18mdk.i586.rpm
7fe54f76cf8f5b46d35ba44944783811  7.0/RPMS/apache-suexec-1.3.9-18mdk.i586.rpm
c0eeda6da43ac82e2625950738287183  7.0/SRPMS/apache-1.3.9-18mdk.src.rpm

7.1 i586

 abbf20cdd540c8240037f155dcc51736  7.1/RPMS/apache-1.3.12-14mdk.i586.rpm
361a06b538c3596acf4f5d462ba5b8fa  7.1/RPMS/apache-devel-1.3.12-14mdk.i586.rpm
e6dae6bd7d2ba04585758afc187c8ed2  7.1/RPMS/apache-suexec-1.3.12-14mdk.i586.rpm
9f463055a3920af9aa831c5f67e5b0a9  7.1/SRPMS/apache-1.3.12-14mdk.src.rpm