Support / Sécurité / Annonces de sécurité / Multi Network Firewall 2.0 / MDVSA-2008:194

Nom du paquet: apache2
Date: 2008-09-13
Advisory ID: MDVSA-2008:194
Affected versions: CS3.0 i586 , MNF2.0 i586 , CS3.0 x86_64

Problem description

A cross-site scripting vulnerability was found in the mod_proxy_ftp
module in Apache that allowed remote attackers to inject arbitrary
web script or HTML via wildcards in a pathname in an FTP URI
(CVE-2008-2939).

The updated packages have been patched to prevent these issues.

Updated packages

CS3.0 i586

 cb99d8d30c755c2263624e64a238c97b  corporate/3.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm
 0a6626ff589e99899aea1cb6ba2bb568  corporate/3.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm
 e1a2c5e55038bb1aacf3cef6bbb8fab0  corporate/3.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm
 b2d0e0bc451473385825fc2388026ae4  corporate/3.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm
 d78741b6fcab8f07976960b105e02bfe  corporate/3.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm
 290b0f2bca9765f895cdb3a876b122eb  corporate/3.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm
 62565a3e6a93e65aad4d51806a457ed0  corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm
 e33734d21a417e096b80134a228a8907  corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm
 14841928e53e8f2133d26707f073cf5a  corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm
 695859dc62af2282917471ba5564efd5  corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm
 8e0f0388b7e995a622b0b1c055d20167  corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm
 f798de71bbc16988699156be21fb22cc  corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm
 90d80910a1dad80b21f76234983c4648  corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm
 b294270cd780a9908db877daeaab7fd0  corporate/3.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm
 16f0e826993f524fb0e14744513cd6bd  corporate/3.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm
 7d2e73a5d629b9c8ca467303dc35c041  corporate/3.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm 
 0e474bcf2388dfa4e9b8eec44af8613a  corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm

MNF2.0 i586

 0767fe397bd9e35301bbb89c38f670ce  mnf/2.0/i586/apache2-2.0.48-6.18.C30mdk.i586.rpm
 738b0e7514d1e69cc01bc4ebfc191b6f  mnf/2.0/i586/apache2-common-2.0.48-6.18.C30mdk.i586.rpm
 ddff71afd9d60987ec952f411c017a3a  mnf/2.0/i586/apache2-devel-2.0.48-6.18.C30mdk.i586.rpm
 2d22c245ef43e13e7fdc62e91a43dc6c  mnf/2.0/i586/apache2-manual-2.0.48-6.18.C30mdk.i586.rpm
 0d2484f67a8524c40ce8c747bf5902db  mnf/2.0/i586/apache2-mod_cache-2.0.48-6.18.C30mdk.i586.rpm
 c355dabc05d922129aa7af76fc6fa350  mnf/2.0/i586/apache2-mod_dav-2.0.48-6.18.C30mdk.i586.rpm
 624a8f0e66f8536c31d1dda8e48bc790  mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.18.C30mdk.i586.rpm
 8e8e3da47f17ead30794a37b64e0018a  mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.i586.rpm
 66c58438edb5928ce3cddcab4f870fdd  mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.18.C30mdk.i586.rpm
 1c3738bd489905b7e9cea22af4693ab9  mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.18.C30mdk.i586.rpm
 7d49a07cfa1f06297e64fd60e640c3af  mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.i586.rpm
 4d4123c3751e6ad0a87b9a7e4683b34e  mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.18.C30mdk.i586.rpm
 740418f2f1a03bb5588603a2fb3f72db  mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.18.C30mdk.i586.rpm
 33cd3e8bdab33eeb9a8bc1d5dcf87831  mnf/2.0/i586/apache2-modules-2.0.48-6.18.C30mdk.i586.rpm
 adad509aeb921896619eff3208e62ca8  mnf/2.0/i586/apache2-source-2.0.48-6.18.C30mdk.i586.rpm
 a9703ad89a3b53677ccc2c4f90aae9bf  mnf/2.0/i586/libapr0-2.0.48-6.18.C30mdk.i586.rpm 
 3e93f31336660bfc08664cb01436559d  mnf/2.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm

CS3.0 x86_64

 839d73dc124b3effbc26badb04390bd5  corporate/3.0/x86_64/apache2-2.0.48-6.18.C30mdk.x86_64.rpm
 b68fc8aad0b43452f922833f0195b080  corporate/3.0/x86_64/apache2-common-2.0.48-6.18.C30mdk.x86_64.rpm
 74a1af859a3251b4c3a2922367516c1f  corporate/3.0/x86_64/apache2-devel-2.0.48-6.18.C30mdk.x86_64.rpm
 4e15a214cfc255906f417af5d51f269a  corporate/3.0/x86_64/apache2-manual-2.0.48-6.18.C30mdk.x86_64.rpm
 0fe9472b70e6dd39fc737f88d887fe00  corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.18.C30mdk.x86_64.rpm
 24517b150a1de83c3b83166a1956c7ab  corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.18.C30mdk.x86_64.rpm
 a6e7688aa8659163a7931a85fc431cdf  corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.18.C30mdk.x86_64.rpm
 85bd4c5ecce52d0de6a36dd8614c4f26  corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.18.C30mdk.x86_64.rpm
 b642855a2edf425463a70cfc5c529114  corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.18.C30mdk.x86_64.rpm
 5efb348be022e755dc3b96c35e918b7d  corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.18.C30mdk.x86_64.rpm
 def1cb6a2ee3f4341dd39fd1d007f882  corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.18.C30mdk.x86_64.rpm
 fcfd2805b8db60cb457b3c895777a916  corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.18.C30mdk.x86_64.rpm
 073d91c0d9777658e962014440701ef6  corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.18.C30mdk.x86_64.rpm
 ee0bf865aee32c3b1f8eff7d0096e475  corporate/3.0/x86_64/apache2-modules-2.0.48-6.18.C30mdk.x86_64.rpm
 6733a938a7d2db502fc06db65743ddc3  corporate/3.0/x86_64/apache2-source-2.0.48-6.18.C30mdk.x86_64.rpm
 2b7d2fb2c34fefafff86bde620eca69d  corporate/3.0/x86_64/lib64apr0-2.0.48-6.18.C30mdk.x86_64.rpm 
 0e474bcf2388dfa4e9b8eec44af8613a  corporate/3.0/SRPMS/apache2-2.0.48-6.18.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939