Support / Sécurité / Annonces de sécurité / Mandriva Linux 2009.1 / MDVSA-2009:102

Nom du paquet: apache
Date: 2009-04-30
Advisory ID: MDVSA-2009:102
Affected versions: 2009.1 i586 , 2009.1 x86_64

Problem description

A vulnerability has been found and corrected in apache:

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server
2.2.11 allows remote attackers to obtain sensitive response data,
intended for a client that sent an earlier POST request with no
request body, via an HTTP request (CVE-2009-1191).

This update provides fixes for that vulnerability.

Updated packages

2009.1 i586

 84173d7808395e9764cf8a6bf73518b1  2009.1/i586/apache-base-2.2.11-10.1mdv2009.1.i586.rpm
 cf5436765525b3adc826daa5bc210ab5  2009.1/i586/apache-devel-2.2.11-10.1mdv2009.1.i586.rpm
 05da7f68e46c4314dccf1391f3e575d6  2009.1/i586/apache-htcacheclean-2.2.11-10.1mdv2009.1.i586.rpm
 a78717a71f2aeffc488b4a79e0f13a5c  2009.1/i586/apache-mod_authn_dbd-2.2.11-10.1mdv2009.1.i586.rpm
 d82c899d917a0432093a95a7994f3212  2009.1/i586/apache-mod_cache-2.2.11-10.1mdv2009.1.i586.rpm
 6286f9a46a5cf1c69389020f2b8f1ba9  2009.1/i586/apache-mod_dav-2.2.11-10.1mdv2009.1.i586.rpm
 f84e50430736a059f89036436cf093d0  2009.1/i586/apache-mod_dbd-2.2.11-10.1mdv2009.1.i586.rpm
 aa900c2245dda03318a50d1950466e70  2009.1/i586/apache-mod_deflate-2.2.11-10.1mdv2009.1.i586.rpm
 d7613d9f701996918b2e612b2f9945ce  2009.1/i586/apache-mod_disk_cache-2.2.11-10.1mdv2009.1.i586.rpm
 1584026aec3bb46e5a277d8c239d5cc4  2009.1/i586/apache-mod_file_cache-2.2.11-10.1mdv2009.1.i586.rpm
 85c01c35c9a10050d03c83fab0cc7b07  2009.1/i586/apache-mod_ldap-2.2.11-10.1mdv2009.1.i586.rpm
 dd3fe1449025622ee3bde812643c60cd  2009.1/i586/apache-mod_mem_cache-2.2.11-10.1mdv2009.1.i586.rpm
 3786880d703cea5a5a5e035318b63918  2009.1/i586/apache-mod_proxy-2.2.11-10.1mdv2009.1.i586.rpm
 b56fc78a2da3de576c685b641f8d620a  2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.1mdv2009.1.i586.rpm
 9cffd8c0587a34aa2d513aed57bccf07  2009.1/i586/apache-mod_ssl-2.2.11-10.1mdv2009.1.i586.rpm
 47891fcaefd8f5b22ab707353f3b8192  2009.1/i586/apache-modules-2.2.11-10.1mdv2009.1.i586.rpm
 0c3dcb4931fe01468275ec0e05a30595  2009.1/i586/apache-mod_userdir-2.2.11-10.1mdv2009.1.i586.rpm
 7eb07e1ae40b4d790275a96da9c0c40b  2009.1/i586/apache-mpm-event-2.2.11-10.1mdv2009.1.i586.rpm
 58b7e5edbee5510b2269ddbe051ea72a  2009.1/i586/apache-mpm-itk-2.2.11-10.1mdv2009.1.i586.rpm
 4bfbe7ff2ee129eb7acceff9ae92223d  2009.1/i586/apache-mpm-peruser-2.2.11-10.1mdv2009.1.i586.rpm
 4f282324726b702b83c101c718c6c5ce  2009.1/i586/apache-mpm-prefork-2.2.11-10.1mdv2009.1.i586.rpm
 3bfc7be3fc27b1b1c488092c609b31e9  2009.1/i586/apache-mpm-worker-2.2.11-10.1mdv2009.1.i586.rpm
 6acf6841d772e23440f83bd89ebf49ea  2009.1/i586/apache-source-2.2.11-10.1mdv2009.1.i586.rpm 
 1715fdb5dce7fd4b93c47c11e045d5ea  2009.1/SRPMS/apache-2.2.11-10.1mdv2009.1.src.rpm

2009.1 x86_64

 da7e1a2f61449581eb6472909c405554  2009.1/x86_64/apache-base-2.2.11-10.1mdv2009.1.x86_64.rpm
 370cd6bc3b5dddbe096c292d6c64b2a8  2009.1/x86_64/apache-devel-2.2.11-10.1mdv2009.1.x86_64.rpm
 0d40fd7ad65adf7ec4bce90d70b6cca1  2009.1/x86_64/apache-htcacheclean-2.2.11-10.1mdv2009.1.x86_64.rpm
 43b68e253a37cd3c849a5611cafdd3f4  2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.1mdv2009.1.x86_64.rpm
 fdd3942faeb19f783522485602d02aa5  2009.1/x86_64/apache-mod_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
 4b1582292c86fb24d3012b9ec01f6b33  2009.1/x86_64/apache-mod_dav-2.2.11-10.1mdv2009.1.x86_64.rpm
 84f82788780a7a2143c47b902918b495  2009.1/x86_64/apache-mod_dbd-2.2.11-10.1mdv2009.1.x86_64.rpm
 d8da90b82dad28ffb6d08a37a3801623  2009.1/x86_64/apache-mod_deflate-2.2.11-10.1mdv2009.1.x86_64.rpm
 fb760b8890ced968acaae0c97e7ebe29  2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
 57508bfeff839917bd2840d88f1e7242  2009.1/x86_64/apache-mod_file_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
 ec39a0800645bb3c2e70b6433f3be014  2009.1/x86_64/apache-mod_ldap-2.2.11-10.1mdv2009.1.x86_64.rpm
 03b1273fec51287c89eb728320865413  2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.1mdv2009.1.x86_64.rpm
 a47cd7dafa57ae146f3ef62f152ed652  2009.1/x86_64/apache-mod_proxy-2.2.11-10.1mdv2009.1.x86_64.rpm
 4cca6e597f9b42dc8df2d322abfef052  2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.1mdv2009.1.x86_64.rpm
 54b731a8732163081ef52005720bc10b  2009.1/x86_64/apache-mod_ssl-2.2.11-10.1mdv2009.1.x86_64.rpm
 8574d616adb823ab1204b3175a6d187c  2009.1/x86_64/apache-modules-2.2.11-10.1mdv2009.1.x86_64.rpm
 8da6f834e5dc5994acb5e21dde9db5ca  2009.1/x86_64/apache-mod_userdir-2.2.11-10.1mdv2009.1.x86_64.rpm
 cc7b72ebb9cb262b8650a77e2d231454  2009.1/x86_64/apache-mpm-event-2.2.11-10.1mdv2009.1.x86_64.rpm
 d44150c74bf7b5962942ef15b465e99f  2009.1/x86_64/apache-mpm-itk-2.2.11-10.1mdv2009.1.x86_64.rpm
 c39db13bb76acb414c2baae91f9a1261  2009.1/x86_64/apache-mpm-peruser-2.2.11-10.1mdv2009.1.x86_64.rpm
 b32f61458288390688c852502b6e6a9b  2009.1/x86_64/apache-mpm-prefork-2.2.11-10.1mdv2009.1.x86_64.rpm
 a9433a9b6f4b84e9f22e7705e0addf35  2009.1/x86_64/apache-mpm-worker-2.2.11-10.1mdv2009.1.x86_64.rpm
 e8546ef348460ceb6e71633621fe203c  2009.1/x86_64/apache-source-2.2.11-10.1mdv2009.1.x86_64.rpm 
 1715fdb5dce7fd4b93c47c11e045d5ea  2009.1/SRPMS/apache-2.2.11-10.1mdv2009.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191