Package name
Advisory ID
Affected versions
6.1 i586, 6.0 i586, 7.0 i586, 7.1 i586

Problem description

The Apache web server comes with a module called mod_rewrite which is used to rewrite URLs presented by the client prior to further processing. There is a flaw in the mod_rewrite logic that allows an attacker to view arbitrary files on the server system if they contain regular expression references. All Linux-Mandrake users using Apache are encouraged to upgrade to these updated versions that fix this flaw.

The Apache package for 7.1 had a problem with improper permissions on the suexec wrapper which prevented it from running if the apache-suexec package was installed. As well, the uninstall script would exit with errors. Both issues are fixed. The new md5 checksums are listed below.

Update: The permissions on the -14mdk apache-suexec package were still incorrect. While some CGI scripts would perform, others would not due to the permissions being 4700 and not 4711. The -15mdk RPMs for 7.1 fix this issue.
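The 4700-versus-4711 difference described above can be checked on an installed system with the following added example, which is not part of the original advisory. The function names are hypothetical, the wrapper path is supplied by the caller, and `stat -c %a` assumes GNU coreutils; the group/other-writable check goes beyond the case in the text.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
# Usage: sh check_suexec.sh /path/to/suexec   (path is the caller's input)

# Print a verdict for an octal mode string such as 4700 or 4711.
# Returns 0 only when the wrapper is setuid, executable by a non-owner
# (the web server user), and not writable by group or other.
classify_suexec_mode() {
    case $1 in
        ''|*[!0-7]*) echo "invalid"; return 2 ;;
    esac
    bits=$((0$1))                       # leading 0 makes the value octal
    if [ $(( $bits & 04000 )) -eq 0 ]; then
        echo "no-setuid"; return 1      # wrapper cannot switch user IDs
    fi
    if [ $(( $bits & 0022 )) -ne 0 ]; then
        echo "writable-by-non-owner"; return 1   # setuid binary others can modify
    fi
    if [ $(( $bits & 0011 )) -eq 0 ]; then
        echo "server-cannot-exec"; return 1      # the 4700 case from the advisory
    fi
    echo "ok"
}

# Read the mode of a real file and report the verdict.
audit_suexec() {
    mode=$(stat -c %a "$1") || return 2
    verdict=$(classify_suexec_mode "$mode")
    rc=$?
    echo "$1 mode=$mode verdict=$verdict"
    return $rc
}

if [ "$#" -gt 0 ]; then
    audit_suexec "$1"
fi
```

With mode 4700 only the owner holds the execute bit, so a server process running as another user cannot start the wrapper; 4711 adds execute for group and other while keeping the setuid bit.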

Updated packages

6.1 i586

890f342e3d33a73978b9ec60d53f3c54  6.1/RPMS/apache-1.3.9-8mdk.i586.rpm
4308ebc3b5c496b74173d0af0cb43de9  6.1/RPMS/apache-devel-1.3.9-8mdk.i586.rpm
6fea96bb3c5e6696a2322134d6245937  6.1/SRPMS/apache-1.3.9-8mdk.src.rpm

6.0 i586

77fa37ac213493d94f5817f93710cbb8  6.0/RPMS/apache-1.3.6-29mdk.i586.rpm
8c51afd87ab8be5b08bc2d02fdc37298  6.0/RPMS/apache-devel-1.3.6-29mdk.i586.rpm
ec94ecd38c6a33dc5c77f7cf323d4791  6.0/SRPMS/apache-1.3.6-29mdk.src.rpm

7.0 i586

094ae1b8764bd6c71519fe051b735e21  7.0/RPMS/apache-1.3.9-18mdk.i586.rpm
dc298d04f25fe4f5a895e898606b8551  7.0/RPMS/apache-devel-1.3.9-18mdk.i586.rpm
7fe54f76cf8f5b46d35ba44944783811  7.0/RPMS/apache-suexec-1.3.9-18mdk.i586.rpm
c0eeda6da43ac82e2625950738287183  7.0/SRPMS/apache-1.3.9-18mdk.src.rpm

7.1 i586

6733773bb495b2095eae6670dc40c1a8  7.1/RPMS/apache-1.3.12-15mdk.i586.rpm
6de0327248be26c363bb5bb32a8d7530  7.1/RPMS/apache-devel-1.3.12-15mdk.i586.rpm
1bdbee39947ed25e99af77486eadeee0  7.1/RPMS/apache-suexec-1.3.12-15mdk.i586.rpm
971578db71afb0474a7c41ccdc2b5d2c  7.1/SRPMS/apache-1.3.12-15mdk.src.rpm