MDKSA-2007:142
- Package name
- apache
- Date
- 2007-07-04
- Advisory ID
- MDKSA-2007:142
- Affected versions
- CS3.0 i586 , CS3.0 x86_64
Problem description
A vulnerability was discovered in the the Apache mod_status module
that could lead to a cross-site scripting attack on sites where the
server-status page was publically accessible and ExtendedStatus was
enabled (CVE-2006-5752).
The Apache server also did not verify that a process was an Apache
child process before sending it signals. A local attacker with the
ability to run scripts on the server could manipulate the scoreboard
and cause arbitrary processes to be terminated (CVE-2007-3304).
Updated packages have been patched to prevent the above issues.
Updated packages
CS3.0 i586
f5e889bd8e60e51e3083c469fe45819b corporate/3.0/i586/apache-1.3.29-1.6.C30mdk.i586.rpm b93136eed561695b1e08bc8928ae2ed5 corporate/3.0/i586/apache-devel-1.3.29-1.6.C30mdk.i586.rpm d3020b612ea5ba6608cb31fb9d36b2e3 corporate/3.0/i586/apache-modules-1.3.29-1.6.C30mdk.i586.rpm 7d388f0149dd885c836c0122daf3da8c corporate/3.0/i586/apache-source-1.3.29-1.6.C30mdk.i586.rpm d380c7a6bb60735195479677bf9873d5 corporate/3.0/SRPMS/apache-1.3.29-1.6.C30mdk.src.rpm
CS3.0 x86_64
6afb4426581fe816df087d4c08f40384 corporate/3.0/x86_64/apache-1.3.29-1.6.C30mdk.x86_64.rpm c71d91796cfa58cca1988bd7500d4982 corporate/3.0/x86_64/apache-devel-1.3.29-1.6.C30mdk.x86_64.rpm 4e75d741e641f29b7a78a32dc7ff5e2c corporate/3.0/x86_64/apache-modules-1.3.29-1.6.C30mdk.x86_64.rpm bce6cac0aaa62358779c65a67902fe64 corporate/3.0/x86_64/apache-source-1.3.29-1.6.C30mdk.x86_64.rpm d380c7a6bb60735195479677bf9873d5 corporate/3.0/SRPMS/apache-1.3.29-1.6.C30mdk.src.rpm