MDVSA-2012:154

Nom du paquet

apache

Date

2012-09-28

Advisory ID

MDVSA-2012:154

Affected versions

MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in apache
(ASF HTTPD):

Insecure handling of LD_LIBRARY_PATH was found that could lead to
the current working directory to be searched for DSOs. This could
allow a local user to execute code as root if an administrator runs
apachectl from an untrusted directory (CVE-2012-0883).

Possible XSS for sites which use mod_negotiation and allow untrusted
uploads to locations which have MultiViews enabled (CVE-2012-2687).

The updated packages have been upgraded to the latest 2.2.23 version
which is not vulnerable to these issues.

Updated packages

MES5 i586

 2a6deb52a907ef25643d0bc49d0829aa  mes5/i586/apache-base-2.2.23-0.1mdvmes5.2.i586.rpm
 cf6c25930c89694dbc23771030bed22b  mes5/i586/apache-conf-2.2.23-0.1mdvmes5.2.i586.rpm
 5853c6245a92e6a9f50d5ed8ea1f0873  mes5/i586/apache-devel-2.2.23-0.1mdvmes5.2.i586.rpm
 96b6bc8398fd9bfe2216a3d34d3efa37  mes5/i586/apache-doc-2.2.23-0.1mdvmes5.2.i586.rpm
 4dd0e9f2f8bd5418bb780c33e4030a81  mes5/i586/apache-htcacheclean-2.2.23-0.1mdvmes5.2.i586.rpm
 d8537cdd24e5cd259e6cb821e7d78b75  mes5/i586/apache-mod_authn_dbd-2.2.23-0.1mdvmes5.2.i586.rpm
 33f926c8833af125afbe89679640e84b  mes5/i586/apache-mod_cache-2.2.23-0.1mdvmes5.2.i586.rpm
 763647d82824dc5b71a1296830cb04d9  mes5/i586/apache-mod_dav-2.2.23-0.1mdvmes5.2.i586.rpm
 891dba584907e14fa965362bbe1e9df3  mes5/i586/apache-mod_dbd-2.2.23-0.1mdvmes5.2.i586.rpm
 5778eaef034bb73259bd11d78a3f0474  mes5/i586/apache-mod_deflate-2.2.23-0.1mdvmes5.2.i586.rpm
 fa4186b16baa4f528b84af1c1bef6c4d  mes5/i586/apache-mod_disk_cache-2.2.23-0.1mdvmes5.2.i586.rpm
 05459bbd61b32f06d05082ad6e109a07  mes5/i586/apache-mod_file_cache-2.2.23-0.1mdvmes5.2.i586.rpm
 d729802408335fbed5db1553e2a3bef0  mes5/i586/apache-mod_ldap-2.2.23-0.1mdvmes5.2.i586.rpm
 a1877e86f5fb446a8adb1c0778bb7ecf  mes5/i586/apache-mod_mem_cache-2.2.23-0.1mdvmes5.2.i586.rpm
 01ab1dbeb1177af0950a1da7fa70b470  mes5/i586/apache-mod_proxy-2.2.23-0.1mdvmes5.2.i586.rpm
 423dadd5f7c9ba6a7da8037ad54c2cde  mes5/i586/apache-mod_proxy_ajp-2.2.23-0.1mdvmes5.2.i586.rpm
 9c7af6f3f19b1e1697584e692808e86a  mes5/i586/apache-mod_proxy_scgi-2.2.23-0.1mdvmes5.2.i586.rpm
 8e816b0eeb136e6acfa24f27b4ad903c  mes5/i586/apache-mod_reqtimeout-2.2.23-0.1mdvmes5.2.i586.rpm
 8000c240a4c0f761017cda0c249282a1  mes5/i586/apache-mod_ssl-2.2.23-0.1mdvmes5.2.i586.rpm
 f3a62ecede37f013b2ddaf0b32a77ddb  mes5/i586/apache-mod_suexec-2.2.23-0.1mdvmes5.2.i586.rpm
 385ca21f2966e8b64c4dd0541996c21d  mes5/i586/apache-modules-2.2.23-0.1mdvmes5.2.i586.rpm
 a7205d395f2c231acee8c73d8a383dab  mes5/i586/apache-mod_userdir-2.2.23-0.1mdvmes5.2.i586.rpm
 502eae665036c3973f69f986ce420c07  mes5/i586/apache-mpm-event-2.2.23-0.1mdvmes5.2.i586.rpm
 aebac24b0d8a7e24ec4e70b51359db68  mes5/i586/apache-mpm-itk-2.2.23-0.1mdvmes5.2.i586.rpm
 5733be6c3a6c9efd63d4439854f55a37  mes5/i586/apache-mpm-peruser-2.2.23-0.1mdvmes5.2.i586.rpm
 9c9f7e40e1903040088a1c35835a3c43  mes5/i586/apache-mpm-prefork-2.2.23-0.1mdvmes5.2.i586.rpm
 06aaffabfbfda5f6d4f54f8bb58cf810  mes5/i586/apache-mpm-worker-2.2.23-0.1mdvmes5.2.i586.rpm
 026532e051d72c31f3078d32249a392f  mes5/i586/apache-source-2.2.23-0.1mdvmes5.2.i586.rpm 
 4682ce2fda81a55007d13c70bb2376f1  mes5/SRPMS/apache-2.2.23-0.1mdvmes5.2.src.rpm
 45468b04e766eb6b59356395fd75cfd0  mes5/SRPMS/apache-conf-2.2.23-0.1mdvmes5.2.src.rpm
 9680fd9ea4808d5939cd8fa00ef618b5  mes5/SRPMS/apache-mod_suexec-2.2.23-0.1mdvmes5.2.src.rpm

MES5 x86_64

 edb7104f5e0e69ba1b16155f56cdaf78  mes5/x86_64/apache-base-2.2.23-0.1mdvmes5.2.x86_64.rpm
 0c8520eb535312e29fb685d84ac94431  mes5/x86_64/apache-conf-2.2.23-0.1mdvmes5.2.x86_64.rpm
 3dc668b4f677ba4c6d11272cdd46d74a  mes5/x86_64/apache-devel-2.2.23-0.1mdvmes5.2.x86_64.rpm
 665467a06653cd4690d9674407c47183  mes5/x86_64/apache-doc-2.2.23-0.1mdvmes5.2.x86_64.rpm
 be95023bf533bba0245d6115aa0d3a21  mes5/x86_64/apache-htcacheclean-2.2.23-0.1mdvmes5.2.x86_64.rpm
 8d55fbc21e43d404a95fdabbc4b5c8da  mes5/x86_64/apache-mod_authn_dbd-2.2.23-0.1mdvmes5.2.x86_64.rpm
 bea7f4a121b78a159a5f7eb782593b2c  mes5/x86_64/apache-mod_cache-2.2.23-0.1mdvmes5.2.x86_64.rpm
 386d2c7ffb035cd282315dd4fbfd71d3  mes5/x86_64/apache-mod_dav-2.2.23-0.1mdvmes5.2.x86_64.rpm
 568303f666e0ec8755b2eb386aaf54ad  mes5/x86_64/apache-mod_dbd-2.2.23-0.1mdvmes5.2.x86_64.rpm
 2df5ec32ada4acb3f7fff12f151bc1a1  mes5/x86_64/apache-mod_deflate-2.2.23-0.1mdvmes5.2.x86_64.rpm
 ec4ad6d0f722e225ad2551cbdbcfcc4f  mes5/x86_64/apache-mod_disk_cache-2.2.23-0.1mdvmes5.2.x86_64.rpm
 be2fbe50607b150d8847b84df1ebe8e0  mes5/x86_64/apache-mod_file_cache-2.2.23-0.1mdvmes5.2.x86_64.rpm
 6e63be0d6867d49e578da8cc3923598c  mes5/x86_64/apache-mod_ldap-2.2.23-0.1mdvmes5.2.x86_64.rpm
 a96853ec44db86b46ef626a9b1b6bc52  mes5/x86_64/apache-mod_mem_cache-2.2.23-0.1mdvmes5.2.x86_64.rpm
 ff96dc83bea37765fcf010e6acc38561  mes5/x86_64/apache-mod_proxy-2.2.23-0.1mdvmes5.2.x86_64.rpm
 4dccdde9516d099ff6d7d47611c509a2  mes5/x86_64/apache-mod_proxy_ajp-2.2.23-0.1mdvmes5.2.x86_64.rpm
 04a4ec93d067626f75d9372e6355f0a2  mes5/x86_64/apache-mod_proxy_scgi-2.2.23-0.1mdvmes5.2.x86_64.rpm
 4b66f4a23616a24728e78f5de7ff611b  mes5/x86_64/apache-mod_reqtimeout-2.2.23-0.1mdvmes5.2.x86_64.rpm
 d1936911f3666dae08a7246047720c58  mes5/x86_64/apache-mod_ssl-2.2.23-0.1mdvmes5.2.x86_64.rpm
 12e673bf6b9cf5c3bb8d169bcb1d592a  mes5/x86_64/apache-mod_suexec-2.2.23-0.1mdvmes5.2.x86_64.rpm
 9c1f3daa78a7c16aef87996e7adb2f7d  mes5/x86_64/apache-modules-2.2.23-0.1mdvmes5.2.x86_64.rpm
 2e765c5007b9ae87d52fd54adccc02bf  mes5/x86_64/apache-mod_userdir-2.2.23-0.1mdvmes5.2.x86_64.rpm
 df910acc362dd1d19d684041a3ad3f0d  mes5/x86_64/apache-mpm-event-2.2.23-0.1mdvmes5.2.x86_64.rpm
 0a451c5cc78971ff3a8a7e7c124384b9  mes5/x86_64/apache-mpm-itk-2.2.23-0.1mdvmes5.2.x86_64.rpm
 da8a8853e3c43ba0429bce6965826505  mes5/x86_64/apache-mpm-peruser-2.2.23-0.1mdvmes5.2.x86_64.rpm
 f143a74d64b59f0e60a025ef56caebc9  mes5/x86_64/apache-mpm-prefork-2.2.23-0.1mdvmes5.2.x86_64.rpm
 536ab2c713bd7dbf8ab1a8fd839fe12d  mes5/x86_64/apache-mpm-worker-2.2.23-0.1mdvmes5.2.x86_64.rpm
 77e1637d806dbc6d06501bc4c98f1ae4  mes5/x86_64/apache-source-2.2.23-0.1mdvmes5.2.x86_64.rpm 
 4682ce2fda81a55007d13c70bb2376f1  mes5/SRPMS/apache-2.2.23-0.1mdvmes5.2.src.rpm
 45468b04e766eb6b59356395fd75cfd0  mes5/SRPMS/apache-conf-2.2.23-0.1mdvmes5.2.src.rpm
 9680fd9ea4808d5939cd8fa00ef618b5  mes5/SRPMS/apache-mod_suexec-2.2.23-0.1mdvmes5.2.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
• http://httpd.apache.org/security/vulnerabilities_22.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
• http://www.apache.org/dist/httpd/CHANGES_2.2.23