MDKSA-2005:129

Nom du paquet

apache2

Date

2005-08-03

Advisory ID

MDKSA-2005:129

Affected versions

MNF2.0 i586 , 10.2 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.1 x86_64

Problem description

Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CAN-2005-1268). Watchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CAN-2005-2088). The updated packages have been patched to prevent these issues.

Updated packages

MNF2.0 i586

 1a18dfe450b2f222bd303d699f9d6ad2  mnf/2.0/RPMS/apache2-2.0.48-6.9.M20mdk.i586.rpm
501464d0d433addc3bb4f40184c3c087  mnf/2.0/RPMS/apache2-common-2.0.48-6.9.M20mdk.i586.rpm
88d2c5d67cc53bce6681e6c155c97a04  mnf/2.0/RPMS/apache2-mod_cache-2.0.48-6.9.M20mdk.i586.rpm
59c231b8ca8fa4ac0e231e1cb0ab581d  mnf/2.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.M20mdk.i586.rpm
30df96dcea309c22fa35501455692dc5  mnf/2.0/RPMS/apache2-mod_proxy-2.0.48-6.9.M20mdk.i586.rpm
82ca0e9319ef4ce1c0e4035affbc3f77  mnf/2.0/RPMS/apache2-mod_ssl-2.0.48-6.9.M20mdk.i586.rpm
69a57868e0bb930aa1f80a2a52ce66ed  mnf/2.0/RPMS/apache2-modules-2.0.48-6.9.M20mdk.i586.rpm
d68d321fa52e1fda5740130d1bc73821  mnf/2.0/RPMS/libapr0-2.0.48-6.9.M20mdk.i586.rpm
e23874e9cec97aa3f720d00fe9694619  mnf/2.0/SRPMS/apache2-2.0.48-6.9.M20mdk.src.rpm

10.2 x86_64

 e9af8fb208bd208b7ffa481643b8469b  x86_64/10.2/RPMS/apache2-2.0.53-9.1.102mdk.x86_64.rpm
2cd3a72352db34a00186618d3f81b426  x86_64/10.2/RPMS/apache2-common-2.0.53-9.1.102mdk.x86_64.rpm
44bfc9125cf981b85c58b4d7550444a7  x86_64/10.2/RPMS/apache2-devel-2.0.53-9.1.102mdk.x86_64.rpm
3a5dcbd5883c8fd8b82fc29511ab49a4  x86_64/10.2/RPMS/apache2-manual-2.0.53-9.1.102mdk.x86_64.rpm
966050237bfa99fb5b12c219c2c92828  x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.1.102mdk.x86_64.rpm
c5b4cd5f4b13fa715f864b16fe93aa57  x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.1.102mdk.x86_64.rpm
951c80d965d5d726c24c25dc1a8a16df  x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.1.102mdk.x86_64.rpm
70e59f70873401e6f6860037b7e4aed3  x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.1.102mdk.x86_64.rpm
2c908e5104d4b82e0f022f4ac626b4f2  x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.1.102mdk.x86_64.rpm
21433e67d76597d40f861ccb4cbfe87a  x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.1.102mdk.x86_64.rpm
0d0eb089f16df8bdae792a07afe14bcf  x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.1.102mdk.x86_64.rpm
cdf79606f5a389626a617bb3c686da33  x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.1.102mdk.x86_64.rpm
b4773216a19e79e54784f9e9ff096ddf  x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.x86_64.rpm
7182963429a49b17c5bea219b04a2206  x86_64/10.2/RPMS/apache2-modules-2.0.53-9.1.102mdk.x86_64.rpm
26c382f742185b98696043ef49477527  x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.1.102mdk.x86_64.rpm
0a075ac9d255c6973696fbd8235b59a8  x86_64/10.2/RPMS/apache2-source-2.0.53-9.1.102mdk.x86_64.rpm
095fef6176f224c42145827b344946f2  x86_64/10.2/RPMS/apache2-worker-2.0.53-9.1.102mdk.x86_64.rpm
2b0c98cc0b33008809b0598548449765  x86_64/10.2/SRPMS/apache2-2.0.53-9.1.102mdk.src.rpm
d661143590371366ed74be65d5e425ad  x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.src.rpm

10.0 amd64

 bc016b31f98ec4e7bbf34f4d987bf294  amd64/10.0/RPMS/apache2-2.0.48-6.9.100mdk.amd64.rpm
793330fe7dde37952ec192cec49839a5  amd64/10.0/RPMS/apache2-common-2.0.48-6.9.100mdk.amd64.rpm
85cb508e4d82f86ce27f227e84348266  amd64/10.0/RPMS/apache2-devel-2.0.48-6.9.100mdk.amd64.rpm
a182c95d9e95707da1de2556107f3669  amd64/10.0/RPMS/apache2-manual-2.0.48-6.9.100mdk.amd64.rpm
1e6bdb5e7bcbcfa148146e7318600519  amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.9.100mdk.amd64.rpm
bfe3085c937a747721b53c19502bafa2  amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.9.100mdk.amd64.rpm
68e8b111eefe41bbeec6d34ffe00c826  amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.9.100mdk.amd64.rpm
2e1115aec2cea497b5871f0c632b7486  amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.100mdk.amd64.rpm
4734d75962c456ceceaecc591aaa2ba7  amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.9.100mdk.amd64.rpm
4d71b5036171d773f71618290496de05  amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.9.100mdk.amd64.rpm
5e8263605352c365a5b533cea2af6482  amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.9.100mdk.amd64.rpm
a1d4b30b9007d8ce6d3f14827f71105c  amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.9.100mdk.amd64.rpm
c2a0cbf927cad0737273fc5c7376ae1f  amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.9.100mdk.amd64.rpm
b25727c42f74d12f51016f2dbbc2877a  amd64/10.0/RPMS/apache2-modules-2.0.48-6.9.100mdk.amd64.rpm
8488740c4bbf88228c94c85c69a179ff  amd64/10.0/RPMS/apache2-source-2.0.48-6.9.100mdk.amd64.rpm
b6c8158c5f99c5700b351579749f5ed1  amd64/10.0/RPMS/lib64apr0-2.0.48-6.9.100mdk.amd64.rpm
fde6b2d1a9fea0cb99d965b1cc431de6  amd64/10.0/SRPMS/apache2-2.0.48-6.9.100mdk.src.rpm

10.2 i586

 1ca2ae50d22638a31c8af6c734a10708  10.2/RPMS/apache2-2.0.53-9.1.102mdk.i586.rpm
cb37acc10b2cb54fd1c130eb9bc1c91b  10.2/RPMS/apache2-common-2.0.53-9.1.102mdk.i586.rpm
81f76caa697c70bd1664f6b8d2240b48  10.2/RPMS/apache2-devel-2.0.53-9.1.102mdk.i586.rpm
187ef5bee839462b228c27b0e3030bc1  10.2/RPMS/apache2-manual-2.0.53-9.1.102mdk.i586.rpm
341212271ce65e34e45c6387cc8db140  10.2/RPMS/apache2-mod_cache-2.0.53-9.1.102mdk.i586.rpm
80481386b09d14db6bc003fe63478d7b  10.2/RPMS/apache2-mod_dav-2.0.53-9.1.102mdk.i586.rpm
35f7d8092a015ede56dc839e959b1b48  10.2/RPMS/apache2-mod_deflate-2.0.53-9.1.102mdk.i586.rpm
5def4e1615db9c737bf2e0ddb3006e86  10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.1.102mdk.i586.rpm
f583040aef7deaa580ab9ba62073d2bf  10.2/RPMS/apache2-mod_file_cache-2.0.53-9.1.102mdk.i586.rpm
6f1e9594d1505ab09306a4c62f954465  10.2/RPMS/apache2-mod_ldap-2.0.53-9.1.102mdk.i586.rpm
05b9a88df5ea49d99d39afca7406424f  10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.1.102mdk.i586.rpm
93aefd71936b00b41b12ef94b2ce2846  10.2/RPMS/apache2-mod_proxy-2.0.53-9.1.102mdk.i586.rpm
ed2df774035eb0dbe59068072aeeec79  10.2/RPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.i586.rpm
7ee623fb31b7f376b39975dfee0f31c0  10.2/RPMS/apache2-modules-2.0.53-9.1.102mdk.i586.rpm
59051fb0fe21645879fe0281e91db3e8  10.2/RPMS/apache2-peruser-2.0.53-9.1.102mdk.i586.rpm
ad69e3d21133523c91636385000d3bda  10.2/RPMS/apache2-source-2.0.53-9.1.102mdk.i586.rpm
a54b95b2c62f2fd8027576b26cf37c18  10.2/RPMS/apache2-worker-2.0.53-9.1.102mdk.i586.rpm
2b0c98cc0b33008809b0598548449765  10.2/SRPMS/apache2-2.0.53-9.1.102mdk.src.rpm
d661143590371366ed74be65d5e425ad  10.2/SRPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.src.rpm

10.1 i586

 dfc22a83dc0fa3954130396056b3fcb4  10.1/RPMS/apache2-2.0.50-7.3.101mdk.i586.rpm
5a957baf5d3b3a4e23c9f753209a7cb8  10.1/RPMS/apache2-common-2.0.50-7.3.101mdk.i586.rpm
bbb22f539624def5a6834b3a2f41f151  10.1/RPMS/apache2-devel-2.0.50-7.3.101mdk.i586.rpm
1f8f5bd9629ef5b1007239d264e0163b  10.1/RPMS/apache2-manual-2.0.50-7.3.101mdk.i586.rpm
3e3d9a633fc64249a6c2ffc4a34312bd  10.1/RPMS/apache2-mod_cache-2.0.50-7.3.101mdk.i586.rpm
7b4c85871bd02ca5a16285adb4b6b0e1  10.1/RPMS/apache2-mod_dav-2.0.50-7.3.101mdk.i586.rpm
e9099625fdd18a375a2a5dfb50466a34  10.1/RPMS/apache2-mod_deflate-2.0.50-7.3.101mdk.i586.rpm
a01faaa30912a50b8b05578bd09906db  10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.3.101mdk.i586.rpm
e0afe6bcc497bc7675ca19e302edee54  10.1/RPMS/apache2-mod_file_cache-2.0.50-7.3.101mdk.i586.rpm
d7625aae3dd70d31a4e018c47d8c752a  10.1/RPMS/apache2-mod_ldap-2.0.50-7.3.101mdk.i586.rpm
2875579dbbb6fb2275888eb82edd2405  10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.3.101mdk.i586.rpm
1038eaae39e9bf271c5e291cf2f1e9c2  10.1/RPMS/apache2-mod_proxy-2.0.50-7.3.101mdk.i586.rpm
1180740c23a017aa18657b84ecbf3185  10.1/RPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.i586.rpm
af7be1db9940b8a9cf6227365bfe4953  10.1/RPMS/apache2-modules-2.0.50-7.3.101mdk.i586.rpm
de97b3d4332e1971d0a53f4556a56106  10.1/RPMS/apache2-source-2.0.50-7.3.101mdk.i586.rpm
7478ba1527f37f5d0d45b09c6c956892  10.1/RPMS/apache2-worker-2.0.50-7.3.101mdk.i586.rpm
7dfb5acdff36dbba754f553d52ad7fd0  10.1/SRPMS/apache2-2.0.50-7.3.101mdk.src.rpm
59099063cd9ce08dd4919047a3fabbea  10.1/SRPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.src.rpm

10.0 i586

 db011ebbe2f6af2c15d5cc00a7ec57db  10.0/RPMS/apache2-2.0.48-6.9.100mdk.i586.rpm
56be5a7ebf1a857fc850f12b8a966804  10.0/RPMS/apache2-common-2.0.48-6.9.100mdk.i586.rpm
2a2a7659e74ca24b671e253e0b0a6739  10.0/RPMS/apache2-devel-2.0.48-6.9.100mdk.i586.rpm
c275c2858a0cd53d869bbebefcf9aadc  10.0/RPMS/apache2-manual-2.0.48-6.9.100mdk.i586.rpm
f1556470e4d676ae449890f748bb14d1  10.0/RPMS/apache2-mod_cache-2.0.48-6.9.100mdk.i586.rpm
bd167f7e3d977275342cef51e91c2120  10.0/RPMS/apache2-mod_dav-2.0.48-6.9.100mdk.i586.rpm
ce097a184f899faca51cccbc92c7a5cd  10.0/RPMS/apache2-mod_deflate-2.0.48-6.9.100mdk.i586.rpm
2e5f211efdfa2e5d2d284742f936e074  10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.100mdk.i586.rpm
31303fa7f3cc1fd1c62263180c78a2e2  10.0/RPMS/apache2-mod_file_cache-2.0.48-6.9.100mdk.i586.rpm
b3038c4dee15fca38447895df92d21ec  10.0/RPMS/apache2-mod_ldap-2.0.48-6.9.100mdk.i586.rpm
d2660486ae85e3d4b6891c1f90684191  10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.9.100mdk.i586.rpm
5922750acc8dae9b452ed022eeb4506d  10.0/RPMS/apache2-mod_proxy-2.0.48-6.9.100mdk.i586.rpm
1d8df60bf49e3347f0f902b17e8b4537  10.0/RPMS/apache2-mod_ssl-2.0.48-6.9.100mdk.i586.rpm
1641514604f52069ccc72210e160202f  10.0/RPMS/apache2-modules-2.0.48-6.9.100mdk.i586.rpm
6fa60c33625eb3b6ab78e3aef64b3402  10.0/RPMS/apache2-source-2.0.48-6.9.100mdk.i586.rpm
e876c2150532f8516941fedad3d5f880  10.0/RPMS/libapr0-2.0.48-6.9.100mdk.i586.rpm
fde6b2d1a9fea0cb99d965b1cc431de6  10.0/SRPMS/apache2-2.0.48-6.9.100mdk.src.rpm

CS3.0 x86_64

 ecb414e090a0f9fa94286960b5802a18  x86_64/corporate/3.0/RPMS/apache2-2.0.48-6.9.C30mdk.x86_64.rpm
af212e22e9fd393fc20a571ce7b5ef0a  x86_64/corporate/3.0/RPMS/apache2-common-2.0.48-6.9.C30mdk.x86_64.rpm
dc68ff259e52b77291649ab877a4e8ca  x86_64/corporate/3.0/RPMS/apache2-manual-2.0.48-6.9.C30mdk.x86_64.rpm
adc6238e04c25e2cacd27970c0c2127b  x86_64/corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.9.C30mdk.x86_64.rpm
9487b688732a0da0ccef34527dac2b99  x86_64/corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.9.C30mdk.x86_64.rpm
59f097e6e3f07b4ab9d98d8399da2a11  x86_64/corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.C30mdk.x86_64.rpm
e2be8dce1adfb811af8a84595c5ab383  x86_64/corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.9.C30mdk.x86_64.rpm
bfba74b829509c6031e5ba0bae21ebd7  x86_64/corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.9.C30mdk.x86_64.rpm
5bf5d2e8968de23e9d80d187210ee1ba  x86_64/corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.9.C30mdk.x86_64.rpm
c33572e8d8a3468531ee59f6e37e0f4f  x86_64/corporate/3.0/RPMS/apache2-modules-2.0.48-6.9.C30mdk.x86_64.rpm
c9e65871380ca2fd72be75f532081bad  x86_64/corporate/3.0/RPMS/lib64apr0-2.0.48-6.9.C30mdk.x86_64.rpm
49e85703438cbe2e91a6c9cdf114b68c  x86_64/corporate/3.0/SRPMS/apache2-2.0.48-6.9.C30mdk.src.rpm

CS3.0 i586

 1c89b3ad77c737313acb5f1d5f48129b  corporate/3.0/RPMS/apache2-2.0.48-6.9.C30mdk.i586.rpm
35e9f3b14c4de61538770009015a9554  corporate/3.0/RPMS/apache2-common-2.0.48-6.9.C30mdk.i586.rpm
55c0c1c976e29e79b44df58de2fea4ab  corporate/3.0/RPMS/apache2-manual-2.0.48-6.9.C30mdk.i586.rpm
e65aa8841fc1a7bc3146c7370ca55e5b  corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.9.C30mdk.i586.rpm
b6b5d352206a7643688e64d6a72219da  corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.9.C30mdk.i586.rpm
2b281f5ab46acca21ead65966e46fbc4  corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.C30mdk.i586.rpm
715c79fd4f46883621a099c4124a8f68  corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.9.C30mdk.i586.rpm
64eca9c3242e64a98bbd7d0f20eb9ce0  corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.9.C30mdk.i586.rpm
589a154565d218cfaecb31992df1516e  corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.9.C30mdk.i586.rpm
5ee73292109ad86649cd7345de4a895d  corporate/3.0/RPMS/apache2-modules-2.0.48-6.9.C30mdk.i586.rpm
19dca123d4f2680b42972c438d57c6c5  corporate/3.0/RPMS/libapr0-2.0.48-6.9.C30mdk.i586.rpm
49e85703438cbe2e91a6c9cdf114b68c  corporate/3.0/SRPMS/apache2-2.0.48-6.9.C30mdk.src.rpm

10.1 x86_64

 9b123ac403579bddd160c2e004e4474a  x86_64/10.1/RPMS/apache2-2.0.50-7.3.101mdk.x86_64.rpm
d177b0a39048150fdcbe1c76ca06b76c  x86_64/10.1/RPMS/apache2-common-2.0.50-7.3.101mdk.x86_64.rpm
f0543159b56b949cefda9d371953710b  x86_64/10.1/RPMS/apache2-devel-2.0.50-7.3.101mdk.x86_64.rpm
e5cd3e4d5783c9d9c8bc6e3507cbcf55  x86_64/10.1/RPMS/apache2-manual-2.0.50-7.3.101mdk.x86_64.rpm
28cb57e08c8507632f33fb4f93bff147  x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.3.101mdk.x86_64.rpm
10a1467eb3467f24d47c418fa474e354  x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.3.101mdk.x86_64.rpm
2231db9e54fd0751c9535f65d92b8204  x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.3.101mdk.x86_64.rpm
dd8055fed5ab3a973b7564bbda69b85b  x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.3.101mdk.x86_64.rpm
99420a62c756726d1f2943dc114e2252  x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.3.101mdk.x86_64.rpm
7f6b63a9aae218b5facac164cfc373df  x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.3.101mdk.x86_64.rpm
f2c31e3c06f1a724452a312638e289e9  x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.3.101mdk.x86_64.rpm
65ca005aa9da5ca0217bab1ab160e3f0  x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.3.101mdk.x86_64.rpm
5e628b11db17519443b99ffbf9ee15d1  x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.x86_64.rpm
87e0dcda381114284edcde89abad618b  x86_64/10.1/RPMS/apache2-modules-2.0.50-7.3.101mdk.x86_64.rpm
c9129e8f3250b988a54f12422ae8b19e  x86_64/10.1/RPMS/apache2-source-2.0.50-7.3.101mdk.x86_64.rpm
767b15ae30336bfd2234c1321f6f66d2  x86_64/10.1/RPMS/apache2-worker-2.0.50-7.3.101mdk.x86_64.rpm
7dfb5acdff36dbba754f553d52ad7fd0  x86_64/10.1/SRPMS/apache2-2.0.50-7.3.101mdk.src.rpm
59099063cd9ce08dd4919047a3fabbea  x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088