MDKSA-2007:141

Package name

apache

Date

2007-07-04

Advisory ID

MDKSA-2007:141

Affected versions

CS3.0 i586 , MNF2.0 i586 , CS3.0 x86_64

Problem description

A vulnerability was discovered in the the Apache mod_status module
that could lead to a cross-site scripting attack on sites where the
server-status page was publically accessible and ExtendedStatus was
enabled (CVE-2006-5752).

A vulnerability was found in the Apache mod_cache module that could
cause the httpd server child process to crash if it was sent a
carefully crafted request. This could lead to a denial of service
if using a threaded MPM (CVE-2007-1863).

Updated packages have been patched to prevent the above issues.

Updated packages

CS3.0 i586

 33b4ae40c9eedadc7ea05bbb79a8a023  corporate/3.0/i586/apache2-2.0.48-6.14.C30mdk.i586.rpm
 0d2db18ac10c77ab4486c3b3f693b3c9  corporate/3.0/i586/apache2-common-2.0.48-6.14.C30mdk.i586.rpm
 530dc14f5f5c28f0c41c28263be70c66  corporate/3.0/i586/apache2-devel-2.0.48-6.14.C30mdk.i586.rpm
 23d8731286c81b5ef69e6c743d064751  corporate/3.0/i586/apache2-manual-2.0.48-6.14.C30mdk.i586.rpm
 fecdea1f465f55798f44dfb54f5d505d  corporate/3.0/i586/apache2-mod_cache-2.0.48-6.14.C30mdk.i586.rpm
 76b1905e2f629f6b7f44965157edc9f8  corporate/3.0/i586/apache2-mod_dav-2.0.48-6.14.C30mdk.i586.rpm
 d444c58838c9b6bfb165f20e3947fa71  corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.14.C30mdk.i586.rpm
 bbf3e12adee9e972716c6d9b3b00024a  corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.14.C30mdk.i586.rpm
 0a4de57e75712e4972cec7be5ea028c1  corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.14.C30mdk.i586.rpm
 d3ad1ad4b8d2e6ac0326f319d22c4736  corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.14.C30mdk.i586.rpm
 38c489f26dbc7fafb4fb7014310648f8  corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.14.C30mdk.i586.rpm
 84a4b113c4eb28004920fda04bf6e4c5  corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.14.C30mdk.i586.rpm
 39a8ff0956dd1087e14958ce141efaec  corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.14.C30mdk.i586.rpm
 d240e12e5c70884a03d4a4e93c121678  corporate/3.0/i586/apache2-modules-2.0.48-6.14.C30mdk.i586.rpm
 8df7637f83d086df49f35caa9efb823e  corporate/3.0/i586/apache2-source-2.0.48-6.14.C30mdk.i586.rpm
 d27c0cc4ee311add44ab39386cda6327  corporate/3.0/i586/libapr0-2.0.48-6.14.C30mdk.i586.rpm 
 412819e938a35e65159856b6df26d0a3  corporate/3.0/SRPMS/apache2-2.0.48-6.14.C30mdk.src.rpm

MNF2.0 i586

 3b66d4eaf4091aede0930ec9301064a0  mnf/2.0/i586/apache2-2.0.48-6.14.M20mdk.i586.rpm
 c94a8966ab3b67071429c14c1eb899f2  mnf/2.0/i586/apache2-common-2.0.48-6.14.M20mdk.i586.rpm
 dadac33ef4982ab11d5598997d4e4d1d  mnf/2.0/i586/apache2-devel-2.0.48-6.14.M20mdk.i586.rpm
 9dbe03b9bebae8ce4e4703e210e2c1fa  mnf/2.0/i586/apache2-manual-2.0.48-6.14.M20mdk.i586.rpm
 7c977a7a26bbeaafa3a799ebd0559ea5  mnf/2.0/i586/apache2-mod_cache-2.0.48-6.14.M20mdk.i586.rpm
 2e47db770a1a974710d5dae1ca290936  mnf/2.0/i586/apache2-mod_dav-2.0.48-6.14.M20mdk.i586.rpm
 e0319ec65d680b04fc0768dcb62e009c  mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.14.M20mdk.i586.rpm
 56487fcc42cf1213f629eb8e2c0166a8  mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.14.M20mdk.i586.rpm
 f04b85763fe99b9a8675693540abbba9  mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.14.M20mdk.i586.rpm
 d64c6bb4f71752fffcfea7fa6df6e9d5  mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.14.M20mdk.i586.rpm
 032d38f08b994e8056b7a45b41d6779b  mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.14.M20mdk.i586.rpm
 4daa1573e3b352ae0876ced8a816ddc1  mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.14.M20mdk.i586.rpm
 68aa23dad66ad710e96750abab87c359  mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.14.M20mdk.i586.rpm
 95b0de0c80b432e4fe82e745408417e6  mnf/2.0/i586/apache2-modules-2.0.48-6.14.M20mdk.i586.rpm
 d80dca1b0b2a7870f3d65424342b8f1b  mnf/2.0/i586/apache2-source-2.0.48-6.14.M20mdk.i586.rpm
 4ef56c99d09113cb3139bf3b89b35d86  mnf/2.0/i586/libapr0-2.0.48-6.14.M20mdk.i586.rpm 
 542f190bea765d0d80dc660396078538  mnf/2.0/SRPMS/apache2-2.0.48-6.14.M20mdk.src.rpm

CS3.0 x86_64

 dfccabfd0496f8c43190e8a3fb8126c4  corporate/3.0/x86_64/apache2-2.0.48-6.14.C30mdk.x86_64.rpm
 611a03bcb215fea9cdbcb9947e4c2fe5  corporate/3.0/x86_64/apache2-common-2.0.48-6.14.C30mdk.x86_64.rpm
 5a0b8194418b87bb5c876689074dae73  corporate/3.0/x86_64/apache2-devel-2.0.48-6.14.C30mdk.x86_64.rpm
 243acf8278d50e8aa3603ee66888bee5  corporate/3.0/x86_64/apache2-manual-2.0.48-6.14.C30mdk.x86_64.rpm
 3c7e59abeaadf6e7b79625aa7c2a8feb  corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.14.C30mdk.x86_64.rpm
 ea0051d179e89eb578784da0a06ba515  corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.14.C30mdk.x86_64.rpm
 cedc742db5f95e6cfa514ca272a0beb8  corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.14.C30mdk.x86_64.rpm
 52ea68be3a7d00bfcfb295bf7c838fd8  corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.14.C30mdk.x86_64.rpm
 a34a7ef7a90245843abd29a901982458  corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.14.C30mdk.x86_64.rpm
 ebf80868b29fbcec3cfe98f97c9c039a  corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.14.C30mdk.x86_64.rpm
 9498d52515df024b731c77e86ec8ca80  corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.14.C30mdk.x86_64.rpm
 4d2f6004a024770a542110ddb458d331  corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.14.C30mdk.x86_64.rpm
 0ba5b39fe791c256f1bcfc31f0283244  corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.14.C30mdk.x86_64.rpm
 da4637c7b4465764f4813d2c2aee33c2  corporate/3.0/x86_64/apache2-modules-2.0.48-6.14.C30mdk.x86_64.rpm
 8404598ff3c49d98ba12067f32cce34c  corporate/3.0/x86_64/apache2-source-2.0.48-6.14.C30mdk.x86_64.rpm
 6fcf4bc783925e54682204f364bfd8ff  corporate/3.0/x86_64/lib64apr0-2.0.48-6.14.C30mdk.x86_64.rpm 
 412819e938a35e65159856b6df26d0a3  corporate/3.0/SRPMS/apache2-2.0.48-6.14.C30mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863