Support / Sécurité / Annonces de sécurité / Mandriva Linux 2009.1 / MDVSA-2010:081

Nom du paquet: apache-mod_auth_shadow
Date: 2010-04-18
Advisory ID: MDVSA-2010:081
Affected versions: 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.1 x86_64 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.0 i586

Problem description

A vulnerability has been found and corrected in apache-mod_auth_shadow:

A race condition was found in the way mod_auth_shadow used an external
helper binary to validate user credentials (username / password
pairs). A remote attacker could use this flaw to bypass intended
access restrictions, resulting in ability to view and potentially
alter resources, which should be otherwise protected by authentication
(CVE-2010-1151).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

Updated packages

2010.0 x86_64

 2c089b026696f997308e2cbbff90e8f3  2010.0/x86_64/apache-mod_auth_shadow-2.2-11.1mdv2010.0.x86_64.rpm 
 8c3bfa1a5aabe41431ad2a6293b63289  2010.0/SRPMS/apache-mod_auth_shadow-2.2-11.1mdv2010.0.src.rpm

2010.0 i586

 5203075213a7269eda6490f2e872fe6d  2010.0/i586/apache-mod_auth_shadow-2.2-11.1mdv2010.0.i586.rpm 
 8c3bfa1a5aabe41431ad2a6293b63289  2010.0/SRPMS/apache-mod_auth_shadow-2.2-11.1mdv2010.0.src.rpm

2009.1 i586

 de655677768a289d0c320efdf592d46c  2009.1/i586/apache-mod_auth_shadow-2.2-9.1mdv2009.1.i586.rpm 
 e2ea6b1a383ae1c136ae5067fe17ad4d  2009.1/SRPMS/apache-mod_auth_shadow-2.2-9.1mdv2009.1.src.rpm

2009.1 x86_64

 3b7ce7b289986979d70bf23f847d9b81  2009.1/x86_64/apache-mod_auth_shadow-2.2-9.1mdv2009.1.x86_64.rpm 
 e2ea6b1a383ae1c136ae5067fe17ad4d  2009.1/SRPMS/apache-mod_auth_shadow-2.2-9.1mdv2009.1.src.rpm

CS4.0 i586

 cdd8547a4fea3dd1ce2403885c852fbe  corporate/4.0/i586/apache-mod_auth_shadow-2.1-1.1.20060mlcs4.i586.rpm 
 dc91e56f4152c5dcccc355e6808839b6  corporate/4.0/SRPMS/apache-mod_auth_shadow-2.1-1.1.20060mlcs4.src.rpm

2008.0 x86_64

 56baacb864db79336dcbfb6fbaf5f023  2008.0/x86_64/apache-mod_auth_shadow-2.2-4.1mdv2008.0.x86_64.rpm 
 0e7d4426b036fd9da6b659b380bbf055  2008.0/SRPMS/apache-mod_auth_shadow-2.2-4.1mdv2008.0.src.rpm

CS4.0 x86_64

 b79080f90e6289eaa811ddbb013c6648  corporate/4.0/x86_64/apache-mod_auth_shadow-2.1-1.1.20060mlcs4.x86_64.rpm 
 dc91e56f4152c5dcccc355e6808839b6  corporate/4.0/SRPMS/apache-mod_auth_shadow-2.1-1.1.20060mlcs4.src.rpm

2008.0 i586

 edd7af18ec821306d302775c0503ff4d  2008.0/i586/apache-mod_auth_shadow-2.2-4.1mdv2008.0.i586.rpm 
 0e7d4426b036fd9da6b659b380bbf055  2008.0/SRPMS/apache-mod_auth_shadow-2.2-4.1mdv2008.0.src.rpm

MDVSA-2010:081