Nom du paquet
apache
Date
2001-09-18
Advisory ID
MDKSA-2001:077
Affected versions
8.0 i586 , 7.2 i586 , 7.1 i586 , CS1.0 i586 , 8.0 i586

Problem description

A problem exists with all Apache servers prior to version 1.3.19. The vulnerablity could allow directory indexing and path discovery on the vulnerable servers with a custom crafted request consisting of a long path name created artificially by using numerous slashes. This can cause modules to misbehave and return a listing of the directory contents by avoiding the error page. Because of the number of add-on packages Mandrake Linux provides for Apache that are compiled for a specific version of Apache, and due to the complexity of the upgrade, we recommend that users upgrade Apache and all associated packages by hand, invoking RPM directly. The updates provide updated Apache, PHP, mod_perl, and mod_ssl packages for all relevant versions, and all should be upgraded at the same time to avoid dependency issues. You can do this by using the "rpm -Fvh *.rpm" command from a temporary directory containing the relevant update packages. Due to a packaging error in previous versions of mod_php3 for Linux- Mandrake 7.1, you will need to manually edit /etc/httpd.conf to re- enable PHP support. You can do this by issuing, as root: echo "Include conf/addon-modules/php.conf" >>/etc/httpd/conf/httpd.conf Additionally, we have updated PHP to version 4.0.6 for Mandrake Linux 8.0.

Updated packages

8.0 i586

 d379d29a6acc539a94f2c5c261762df1  8.0/RPMS/HTML-Embperl-1.3.20_1.3.3-2.2mdk.i586.rpm
7cebcaca4383a19ac05556b2e5b85bc1  8.0/RPMS/apache-1.3.20-1.2mdk.i586.rpm
2552b620e877728a260396f1281e877a  8.0/RPMS/apache-common-1.3.20-1.2mdk.i586.rpm
d491a1e3fc86432665c76b075b3d9d10  8.0/RPMS/apache-conf-1.3.20-1.2mdk.i586.rpm
d59540396fcd71493bf370ef4228b942  8.0/RPMS/apache-devel-1.3.20-1.2mdk.i586.rpm
993281ba4b86c71e513a4e29024e3887  8.0/RPMS/apache-manual-1.3.20-1.2mdk.i586.rpm
f404d71383212971a4ab59a6c8611698  8.0/RPMS/apache-mod_perl-1.3.20_1.25_01-2.2mdk.i586.rpm
8e9b60fb2411fb8da35c318599928049  8.0/RPMS/apache-modules-1.3.20-1.2mdk.i586.rpm
657ac31e93d26ca07ebe7c5754f4adb9  8.0/RPMS/apache-source-1.3.20-1.2mdk.i586.rpm
af04df9d3816498daf60bf9734e14ba4  8.0/RPMS/apache-suexec-1.3.20-1.2mdk.i586.rpm
83196921efbbe31c69ae1b458e9b32f0  8.0/RPMS/mod_perl-common-1.3.20_1.25_01-2.2mdk.i586.rpm
ba32408642e6ed62b9946f127bb78f93  8.0/RPMS/mod_perl-devel-1.3.20_1.25_01-2.2mdk.i586.rpm
e93945de74a775497cc1f29c3116fe34  8.0/RPMS/mod_php-4.0.6-3mdk.i586.rpm
0d477d3cbb78e28950ef9fb637e64532  8.0/RPMS/mod_ssl-2.8.4-1.2mdk.i586.rpm
e93945de74a775497cc1f29c3116fe34  8.0/RPMS/mod_php-4.0.6-3mdk.i586.rpm
93ecb0381be916dff31720c1f8ccd7af  8.0/RPMS/php-4.0.6-3.2mdk.i586.rpm
9334c69cc9109861740cefdcbbca3f0f  8.0/RPMS/php-common-4.0.6-3.2mdk.i586.rpm
b3f706b65c0afd2c5a54f52ba908db61  8.0/RPMS/php-dba_gdbm_db3-4.0.6-2.2mdk.i586.rpm
500e5efbeb2b71a2d39f19e99f9480e3  8.0/RPMS/php-devel-4.0.6-3.2mdk.i586.rpm
bdcad46aaad5ab194f7c2e396af07116  8.0/RPMS/php-gd-4.0.6-1.2mdk.i586.rpm
45edeaeb2021ce1f92bd43ad416a0cf9  8.0/RPMS/php-imap-4.0.6-1.2mdk.i586.rpm
a25e6ffb9a91cce7c5f7f863439c1c70  8.0/RPMS/php-ldap-4.0.6-2.2mdk.i586.rpm
10e7de7e4c61cc925f01ab045595c9e9  8.0/RPMS/php-manual_en-4.0.6-3.2mdk.i586.rpm
416f7bd764e0d631cc7bf2bc17d93581  8.0/RPMS/php-mysql-4.0.6-2.2mdk.i586.rpm
dc06c8672a789e3fa9080dfa65a835c5  8.0/RPMS/php-pgsql-4.0.6-1.2mdk.i586.rpm
3a940b91dea80c3ff183f9bd6e9b0084  8.0/RPMS/php-readline-4.0.6-1.2mdk.i586.rpm
0188e8a2f26355cc7af2221a7dc83a40  8.0/SRPMS/apache-1.3.20-1.2mdk.src.rpm
a68a308b902e36662f99c18f5e024dd0  8.0/SRPMS/apache-conf-1.3.20-1.2mdk.src.rpm
1162877d96ccfcaa21208d1a2a321d5f  8.0/SRPMS/apache-mod_perl-1.3.20_1.25_01-2.2mdk.src.rpm
5df10c7d419b67c5ee0d271059309d12  8.0/SRPMS/mod_php-4.0.6-3mdk.src.rpm
4fca49ba15b24be37a7ff9e42152d75b  8.0/SRPMS/mod_ssl-2.8.4-1.2mdk.src.rpm
5df10c7d419b67c5ee0d271059309d12  8.0/SRPMS/mod_php-4.0.6-3mdk.src.rpm
84e096b785c0b2514d0e51cfb55dfed4  8.0/SRPMS/php-4.0.6-3.2mdk.src.rpm
69e797bf4c7d006753023a25d0dc1666  8.0/SRPMS/php-dba_gdbm_db3-4.0.6-2.2mdk.src.rpm
8d45763afa776c37f61a82f761645d3a  8.0/SRPMS/php-gd-4.0.6-1.2mdk.src.rpm
1e1f6740af95e63a74b06d406621a7e2  8.0/SRPMS/php-imap-4.0.6-1.2mdk.src.rpm
c29bd84488ddf88732f06f9efd5e6cec  8.0/SRPMS/php-ldap-4.0.6-2.2mdk.src.rpm
b2e2d9dcfe96cace5f13ad8c7a8f7743  8.0/SRPMS/php-manual_en-4.0.6-3.2mdk.src.rpm
92c9efa68df863357ecf9f30e29a9c7c  8.0/SRPMS/php-mysql-4.0.6-2.2mdk.src.rpm
b60116ea069ab5c93a129816019a67c6  8.0/SRPMS/php-pgsql-4.0.6-1.2mdk.src.rpm
48c494f09afc05c4bc41e62f1d9b0711  8.0/SRPMS/php-readline-4.0.6-1.2mdk.src.rpm

7.2 i586

 14ecd4a55701a9e01cb9f402492007df  7.2/RPMS/HTML-Embperl-1.3b6-3.1mdk.i586.rpm
9d9bace3d742354e6dfbfa3c8cfb60f8  7.2/RPMS/apache-1.3.20-3.1mdk.i586.rpm
5114bcc5f1a277aa9331124d766bc097  7.2/RPMS/apache-common-1.3.20-3.1mdk.i586.rpm
719daaccf0b11cc24c69cb73b4bc6a71  7.2/RPMS/apache-devel-1.3.20-3.1mdk.i586.rpm
0f7819a64e087c860a0caf99b2b48819  7.2/RPMS/apache-manual-1.3.20-3.1mdk.i586.rpm
14c0b768186dffb037306d1651dc851d  7.2/RPMS/apache-mod_perl-1.3.20_1.24-3.1mdk.i586.rpm
f48a5e44b0e679d4bfa3aef1c40a9af9  7.2/RPMS/apache-mod_perl-devel-1.3.20_1.24-3.1mdk.i586.rpm
50b8bb0d3b3b1452ff867953fa051222  7.2/RPMS/apache-suexec-1.3.20-3.1mdk.i586.rpm
8f22e1643f6c1adfac71149b3283ac39  7.2/RPMS/mod_php-4.0.4pl1-2.1mdk.i586.rpm
1b45a62c1015d74695f655d94b064347  7.2/RPMS/mod_ssl-2.8.4-1.1mdk.i586.rpm
8f22e1643f6c1adfac71149b3283ac39  7.2/RPMS/mod_php-4.0.4pl1-2.1mdk.i586.rpm
8b5c3ec86fcf6b8462f4940c20504654  7.2/RPMS/php-4.0.4pl1-2.1mdk.i586.rpm
0ab8b1e3924f72d96356484d7cb00df2  7.2/RPMS/php-dba_gdbm_db2-4.0.4pl1-2.1mdk.i586.rpm
ce4811a78c8457f95e665d8bd89a4ba9  7.2/RPMS/php-devel-4.0.4pl1-2.1mdk.i586.rpm
93ec99f78ac53e6f356db9034fe5af49  7.2/RPMS/php-gd-4.0.4pl1-2.1mdk.i586.rpm
4009c23dba38dba27fec2809e796cc24  7.2/RPMS/php-imap-4.0.4pl1-2.1mdk.i586.rpm
37f7f9d073f3520343fb3bd5c07fac60  7.2/RPMS/php-ldap-4.0.4pl1-2.1mdk.i586.rpm
43275b23bcb6db3bba490ff970bc0e16  7.2/RPMS/php-manual-4.0.4pl1-2.1mdk.i586.rpm
3321ed48c52f0ad91db87196e07924fc  7.2/RPMS/php-mysql-4.0.4pl1-2.1mdk.i586.rpm
bb2debffd4e7ab4d73e4f52cbdcbc7e0  7.2/RPMS/php-pgsql-4.0.4pl1-2.1mdk.i586.rpm
17b2010fecce8013beb0acc578ca5b5d  7.2/RPMS/php-readline-4.0.4pl1-2.1mdk.i586.rpm
7cd3faa0624118cfefade2633a185be7  7.2/SRPMS/apache-1.3.20-3.1mdk.src.rpm
4a15671a5a30b8399318275782fc4617  7.2/SRPMS/mod_ssl-2.8.4-1.1mdk.src.rpm
3c69dd72fbc771c914a6ae0140192d9f  7.2/SRPMS/php-4.0.4pl1-2.1mdk.src.rpm

7.1 i586

 66be24cb54d0b81a275bc55deb7fc46f  7.1/RPMS/apache-1.3.20-1.3mdk.i586.rpm
29e0d16940f032fbd96576327a119ec1  7.1/RPMS/apache-devel-1.3.20-1.3mdk.i586.rpm
cc6a0aaf4d6b10b20686ddf7fa2f925e  7.1/RPMS/apache-suexec-1.3.20-1.3mdk.i586.rpm
79ec84f3720d65ebd6003f77e19b1d23  7.1/RPMS/mod_perl-1.22-29.3mdk.i586.rpm
21f1638d0dd29d31286a0cf45f44cafc  7.1/RPMS/mod_php3-3.0.17-2.3mdk.i586.rpm
0b8cf6dee144d9b5c4d8dbf6186aa86b  7.1/RPMS/mod_php3-imap-3.0.17-2.3mdk.i586.rpm
7b73ea1ca66ff3e71749c6305551a77d  7.1/RPMS/mod_php3-ldap-3.0.17-2.3mdk.i586.rpm
d2114ac796e2438f9af1dff9c7ac8a7b  7.1/RPMS/mod_php3-manual-3.0.17-2.3mdk.i586.rpm
8645d02caa74d3a3bf3c9dcb381e8bd9  7.1/RPMS/mod_php3-mysql-3.0.17-2.3mdk.i586.rpm
4e14c192d8e9e3771131cdc90d999aac  7.1/RPMS/mod_php3-pgsql-3.0.17-2.3mdk.i586.rpm
21f1638d0dd29d31286a0cf45f44cafc  7.1/RPMS/mod_php3-3.0.17-2.3mdk.i586.rpm
0b8cf6dee144d9b5c4d8dbf6186aa86b  7.1/RPMS/mod_php3-imap-3.0.17-2.3mdk.i586.rpm
7b73ea1ca66ff3e71749c6305551a77d  7.1/RPMS/mod_php3-ldap-3.0.17-2.3mdk.i586.rpm
d2114ac796e2438f9af1dff9c7ac8a7b  7.1/RPMS/mod_php3-manual-3.0.17-2.3mdk.i586.rpm
8645d02caa74d3a3bf3c9dcb381e8bd9  7.1/RPMS/mod_php3-mysql-3.0.17-2.3mdk.i586.rpm
4e14c192d8e9e3771131cdc90d999aac  7.1/RPMS/mod_php3-pgsql-3.0.17-2.3mdk.i586.rpm
61d0a2633355d0e5a936803023c9c406  7.1/SRPMS/apache-1.3.20-1.3mdk.src.rpm
7aa8082bad63d0f56ba7ef96337e654a  7.1/SRPMS/mod_perl-1.22-29.3mdk.src.rpm
b315b402fc8de3c315d1d2c515e74342  7.1/SRPMS/mod_php3-3.0.17-2.3mdk.src.rpm
b315b402fc8de3c315d1d2c515e74342  7.1/SRPMS/mod_php3-3.0.17-2.3mdk.src.rpm

CS1.0 i586

 66be24cb54d0b81a275bc55deb7fc46f  1.0.1/RPMS/apache-1.3.20-1.3mdk.i586.rpm
29e0d16940f032fbd96576327a119ec1  1.0.1/RPMS/apache-devel-1.3.20-1.3mdk.i586.rpm
cc6a0aaf4d6b10b20686ddf7fa2f925e  1.0.1/RPMS/apache-suexec-1.3.20-1.3mdk.i586.rpm
79ec84f3720d65ebd6003f77e19b1d23  1.0.1/RPMS/mod_perl-1.22-29.3mdk.i586.rpm
21f1638d0dd29d31286a0cf45f44cafc  1.0.1/RPMS/mod_php3-3.0.17-2.3mdk.i586.rpm
0b8cf6dee144d9b5c4d8dbf6186aa86b  1.0.1/RPMS/mod_php3-imap-3.0.17-2.3mdk.i586.rpm
7b73ea1ca66ff3e71749c6305551a77d  1.0.1/RPMS/mod_php3-ldap-3.0.17-2.3mdk.i586.rpm
d2114ac796e2438f9af1dff9c7ac8a7b  1.0.1/RPMS/mod_php3-manual-3.0.17-2.3mdk.i586.rpm
8645d02caa74d3a3bf3c9dcb381e8bd9  1.0.1/RPMS/mod_php3-mysql-3.0.17-2.3mdk.i586.rpm
4e14c192d8e9e3771131cdc90d999aac  1.0.1/RPMS/mod_php3-pgsql-3.0.17-2.3mdk.i586.rpm
21f1638d0dd29d31286a0cf45f44cafc  1.0.1/RPMS/mod_php3-3.0.17-2.3mdk.i586.rpm
0b8cf6dee144d9b5c4d8dbf6186aa86b  1.0.1/RPMS/mod_php3-imap-3.0.17-2.3mdk.i586.rpm
7b73ea1ca66ff3e71749c6305551a77d  1.0.1/RPMS/mod_php3-ldap-3.0.17-2.3mdk.i586.rpm
d2114ac796e2438f9af1dff9c7ac8a7b  1.0.1/RPMS/mod_php3-manual-3.0.17-2.3mdk.i586.rpm
8645d02caa74d3a3bf3c9dcb381e8bd9  1.0.1/RPMS/mod_php3-mysql-3.0.17-2.3mdk.i586.rpm
4e14c192d8e9e3771131cdc90d999aac  1.0.1/RPMS/mod_php3-pgsql-3.0.17-2.3mdk.i586.rpm
61d0a2633355d0e5a936803023c9c406  1.0.1/SRPMS/apache-1.3.20-1.3mdk.src.rpm
7aa8082bad63d0f56ba7ef96337e654a  1.0.1/SRPMS/mod_perl-1.22-29.3mdk.src.rpm
b315b402fc8de3c315d1d2c515e74342  1.0.1/SRPMS/mod_php3-3.0.17-2.3mdk.src.rpm
b315b402fc8de3c315d1d2c515e74342  1.0.1/SRPMS/mod_php3-3.0.17-2.3mdk.src.rpm

8.0 i586

 1a052077e612411d31a476adee51e02d  ppc/8.0/RPMS/HTML-Embperl-1.3.20_1.3.3-2.2mdk.ppc.rpm
e60a5a0e06a0a52edd3facc8897f7893  ppc/8.0/RPMS/apache-1.3.20-1.2mdk.ppc.rpm
d45a6f586619e1fcbb7dc1b001e19710  ppc/8.0/RPMS/apache-common-1.3.20-1.2mdk.ppc.rpm
bcdd65060a13aa91e68af6d8112d3838  ppc/8.0/RPMS/apache-conf-1.3.20-1.2mdk.ppc.rpm
aaa32339e5825b0a03fda19c19d57b45  ppc/8.0/RPMS/apache-devel-1.3.20-1.2mdk.ppc.rpm
18213d6227c56c6967022950f5170dc5  ppc/8.0/RPMS/apache-manual-1.3.20-1.2mdk.ppc.rpm
d6d6c693047a798cbf6dfc27c1726e9e  ppc/8.0/RPMS/apache-mod_perl-1.3.20_1.25_01-2.2mdk.ppc.rpm
43373e633698bb78bf4125dfb97ac0dd  ppc/8.0/RPMS/apache-modules-1.3.20-1.2mdk.ppc.rpm
f7c0fb4a1a02d848bd27a28b2a3b1b80  ppc/8.0/RPMS/apache-source-1.3.20-1.2mdk.ppc.rpm
6c92d1ed9d6634115ef87d0707116036  ppc/8.0/RPMS/apache-suexec-1.3.20-1.2mdk.ppc.rpm
905c871d496a1fb3d308953d84548966  ppc/8.0/RPMS/mod_perl-common-1.3.20_1.25_01-2.2mdk.ppc.rpm
8e459c8ff93dfdd2eb010956bc090916  ppc/8.0/RPMS/mod_perl-devel-1.3.20_1.25_01-2.2mdk.ppc.rpm
fc4ba413a5dc4f59903d5e1705ef9343  ppc/8.0/RPMS/mod_php-4.0.6-3mdk.ppc.rpm
aa6f190d1d963ee7208edc38e8ce11d1  ppc/8.0/RPMS/mod_ssl-2.8.4-1.2mdk.ppc.rpm
fc4ba413a5dc4f59903d5e1705ef9343  ppc/8.0/RPMS/mod_php-4.0.6-3mdk.ppc.rpm
fbd7e60c636e6804e30ad2675efcaf9e  ppc/8.0/RPMS/php-4.0.6-3.2mdk.ppc.rpm
12153f5cad9dc118615876079fb73a15  ppc/8.0/RPMS/php-common-4.0.6-3.2mdk.ppc.rpm
910b8891a49eb9669649b94b6de2fe7f  ppc/8.0/RPMS/php-dba_gdbm_db3-4.0.6-2.2mdk.ppc.rpm
ee132fc7c09af818c1bba7666d970ea1  ppc/8.0/RPMS/php-devel-4.0.6-3.2mdk.ppc.rpm
c9856136eb2e6ddd3618aa8bf926be14  ppc/8.0/RPMS/php-gd-4.0.6-1.2mdk.ppc.rpm
a59aa52c14fa5cff90fec4c387f78bb6  ppc/8.0/RPMS/php-imap-4.0.6-1.2mdk.ppc.rpm
821765055cf3e744d34a78464ba94808  ppc/8.0/RPMS/php-ldap-4.0.6-2.2mdk.ppc.rpm
c7cf3c787d79e8f0773084ff98b59102  ppc/8.0/RPMS/php-manual_en-4.0.6-3.2mdk.ppc.rpm
e353a0fe0d07a81ccc99336fb6379997  ppc/8.0/RPMS/php-mysql-4.0.6-2.2mdk.ppc.rpm
b85f241a43267281954bd2e82768ce12  ppc/8.0/RPMS/php-pgsql-4.0.6-1.2mdk.ppc.rpm
82324d8ffa3660ddace4c7da1e65db41  ppc/8.0/RPMS/php-readline-4.0.6-1.2mdk.ppc.rpm
8ffaa4ca1317e9b77b4179297a20ebd5  ppc/8.0/SRPMS/apache-1.3.20-1.2mdk.src.rpm
cc90f72e056be1502ca1db4dc71a4a1e  ppc/8.0/SRPMS/apache-conf-1.3.20-1.2mdk.src.rpm
01adb4f69c71c2a6bc82cfa5d0d8a86e  ppc/8.0/SRPMS/apache-mod_perl-1.3.20_1.25_01-2.2mdk.src.rpm
8ea62a0630d383894a6d457c8709c3a9  ppc/8.0/SRPMS/mod_php-4.0.6-3mdk.src.rpm
11a08dd58ca5ca3e02919cd603db8170  ppc/8.0/SRPMS/mod_ssl-2.8.4-1.2mdk.src.rpm
8ea62a0630d383894a6d457c8709c3a9  ppc/8.0/SRPMS/mod_php-4.0.6-3mdk.src.rpm
25ddfc429c63dc881605db7df16774a9  ppc/8.0/SRPMS/php-4.0.6-3.2mdk.src.rpm
38870b0fa8de215df7c94632b058e4ce  ppc/8.0/SRPMS/php-dba_gdbm_db3-4.0.6-2.2mdk.src.rpm
8201bd1c5fb42691564b8ba9bdd7db36  ppc/8.0/SRPMS/php-gd-4.0.6-1.2mdk.src.rpm
4efa1524c597add37740e8c0fee434b3  ppc/8.0/SRPMS/php-imap-4.0.6-1.2mdk.src.rpm
09c15928dd9568a765930d6d03bcc30a  ppc/8.0/SRPMS/php-ldap-4.0.6-2.2mdk.src.rpm
f4dceddc5e6b1f7d161b585cc6ee8b87  ppc/8.0/SRPMS/php-manual_en-4.0.6-3.2mdk.src.rpm
cfc99904da9bdaf6f9972237da00c8ff  ppc/8.0/SRPMS/php-mysql-4.0.6-2.2mdk.src.rpm
467d82deca0c50208a86b54054123ba0  ppc/8.0/SRPMS/php-pgsql-4.0.6-1.2mdk.src.rpm
de858c72849ea7388cce4270a3bbfa6d  ppc/8.0/SRPMS/php-readline-4.0.6-1.2mdk.src.rpm

References