MDVSA-2009:300

Nom du paquet

apache-conf

Date

2009-11-15

Advisory ID

MDVSA-2009:300

Affected versions

2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , MES5 i586 , 2009.1 x86_64 , MES5 x86_64

Problem description

A vulnerability was discovered and corrected in apache-conf:

The Apache HTTP Server enables the HTTP TRACE method per default
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via unspecified web client software (CVE-2009-2823).

This update provides a solution to this vulnerability.

Updated packages

2009.0 x86_64

 34765a6938fb58a84e94469f6955aa27  2009.0/x86_64/apache-conf-2.2.9-2.1mdv2009.0.x86_64.rpm 
 8e681fa0418a0951aa899d48033e00c0  2009.0/SRPMS/apache-conf-2.2.9-2.1mdv2009.0.src.rpm

CS4.0 x86_64

 7494f5ebd51e6eb7e1e2f085e65df3e5  corporate/4.0/x86_64/apache-conf-2.2.3-1.2.20060mlcs4.x86_64.rpm 
 b25eb9dde45ca05ce6a9e70096d86aab  corporate/4.0/SRPMS/apache-conf-2.2.3-1.2.20060mlcs4.src.rpm

MNF2.0 i586

 26351a3ea2d859fe11373e4763e4e847  mnf/2.0/i586/apache-conf-2.0.48-4.1.C30mdk.i586.rpm 
 0bb783ca29a5a8f698eae6b3a759156c  mnf/2.0/SRPMS/apache-conf-2.0.48-4.1.C30mdk.src.rpm

2010.0 x86_64

 edf8c147eced8445aebd6bc8878ccc8a  2010.0/x86_64/apache-conf-2.2.14-1.1mdv2010.0.x86_64.rpm 
 2f78caa45aacf9f673cade5630b2c310  2010.0/SRPMS/apache-conf-2.2.14-1.1mdv2010.0.src.rpm

2010.0 i586

 95495c9225a5f30240f78721c8b69147  2010.0/i586/apache-conf-2.2.14-1.1mdv2010.0.i586.rpm 
 2f78caa45aacf9f673cade5630b2c310  2010.0/SRPMS/apache-conf-2.2.14-1.1mdv2010.0.src.rpm

2009.1 i586

 6666715aaf3f95fb93d408e7a2e5f7a8  2009.1/i586/apache-conf-2.2.11-5.1mdv2009.1.i586.rpm
 d3dbacf5618880138f550a549ebb0c7f  2009.1/i586/apache-conf-2.2.9-2.1mdv2009.1.i586.rpm 
 05fe57eecfa55b7eb564cb4d69bd66c6  2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm
 968b77fbb38a4fcc51ae236121a8cd07  2009.1/SRPMS/apache-conf-2.2.9-2.1mdv2009.0.src.rpm

2009.0 i586

 a1a93cc99dce060dc70c9b84bc77fe73  2009.0/i586/apache-conf-2.2.9-2.1mdv2009.0.i586.rpm 
 8e681fa0418a0951aa899d48033e00c0  2009.0/SRPMS/apache-conf-2.2.9-2.1mdv2009.0.src.rpm

CS3.0 x86_64

 6d3fb3d9a6a13b9af4fabf33e5d19d8a  corporate/3.0/x86_64/apache-conf-2.0.48-4.1.C30mdk.x86_64.rpm 
 793ac16880599d98d46d75d18e267590  corporate/3.0/SRPMS/apache-conf-2.0.48-4.1.C30mdk.src.rpm

CS4.0 i586

 bff638e13669d04f50efbbdc7659994d  corporate/4.0/i586/apache-conf-2.2.3-1.2.20060mlcs4.i586.rpm 
 b25eb9dde45ca05ce6a9e70096d86aab  corporate/4.0/SRPMS/apache-conf-2.2.3-1.2.20060mlcs4.src.rpm

CS3.0 i586

 12beea6a8fd2aa124990902511bd3b13  corporate/3.0/i586/apache-conf-2.0.48-4.1.C30mdk.i586.rpm 
 793ac16880599d98d46d75d18e267590  corporate/3.0/SRPMS/apache-conf-2.0.48-4.1.C30mdk.src.rpm

MES5 i586

 3ece87a4a682fa9eac5d56731c957528  mes5/i586/apache-conf-2.2.9-2.1mdvmes5.i586.rpm 
 b18d8e392a76d9bc6465caafa834389a  mes5/SRPMS/apache-conf-2.2.9-2.1mdvmes5.src.rpm

2009.1 x86_64

 07c8d486e9cf3d2ccbbc008540475341  2009.1/x86_64/apache-conf-2.2.11-5.1mdv2009.1.x86_64.rpm
 de765ed36181f354d6d9a85a9a797658  2009.1/x86_64/apache-conf-2.2.9-2.1mdv2009.1.x86_64.rpm 
 05fe57eecfa55b7eb564cb4d69bd66c6  2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm
 968b77fbb38a4fcc51ae236121a8cd07  2009.1/SRPMS/apache-conf-2.2.9-2.1mdv2009.0.src.rpm

MES5 x86_64

 5e547eccf895fec458827a170679df58  mes5/x86_64/apache-conf-2.2.9-2.1mdvmes5.x86_64.rpm 
 b18d8e392a76d9bc6465caafa834389a  mes5/SRPMS/apache-conf-2.2.9-2.1mdvmes5.src.rpm

References

• http://www.kb.cert.org/vuls/id/867593
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2823