Package name
apache2
Date
2005-09-08
Advisory ID
MDKSA-2005:161
Affected versions
MNF2.0 i586 , 10.2 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.1 x86_64

Problem description

A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient" directive. This flaw occurs if a virtual host is configured using "SSLVerifyClient optional" and a directive "SSLVerifyClient required" is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. (CAN-2005-2700) A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CAN-2005-2728) The updated packages have been patched to address these issues.

Updated packages

MNF2.0 i586

 ccade36dd4e32cfdea5aef5aabd9445d  mnf/2.0/RPMS/apache2-2.0.48-6.11.M20mdk.i586.rpm
c783539dc24d982c08475aaa3ce9a87b  mnf/2.0/RPMS/apache2-common-2.0.48-6.11.M20mdk.i586.rpm
062c695c4da5ba755e011b2aefe0f713  mnf/2.0/RPMS/apache2-mod_cache-2.0.48-6.11.M20mdk.i586.rpm
3bd4e212dde1b64cdc56c28ed04874b6  mnf/2.0/RPMS/apache2-mod_proxy-2.0.48-6.11.M20mdk.i586.rpm
8cd23bc9fa7986d2863cf8340b0ef260  mnf/2.0/RPMS/apache2-mod_ssl-2.0.48-6.11.M20mdk.i586.rpm
337ae7000dd56f6c0484ce0b23ae2fa6  mnf/2.0/RPMS/apache2-modules-2.0.48-6.11.M20mdk.i586.rpm
2925793c7118e7a223b30e0b070fbfa4  mnf/2.0/RPMS/libapr0-2.0.48-6.11.M20mdk.i586.rpm
b49bc4fa15deb0acd5d7365ce85c077b  mnf/2.0/SRPMS/apache2-2.0.48-6.11.M20mdk.src.rpm

10.2 x86_64

 2da8a90a9b91e7428f87682ea11c18f0  x86_64/10.2/RPMS/apache2-2.0.53-9.2.102mdk.x86_64.rpm
e6242e8e02054a42492a981c11ac0c75  x86_64/10.2/RPMS/apache2-common-2.0.53-9.2.102mdk.x86_64.rpm
f6588bf6413735ead6f1f711fc8fa5ef  x86_64/10.2/RPMS/apache2-devel-2.0.53-9.2.102mdk.x86_64.rpm
6cdd4bde0e62373d0348b998b485a7c9  x86_64/10.2/RPMS/apache2-manual-2.0.53-9.2.102mdk.x86_64.rpm
bb1a0816904d1676b7607412fd1e8f96  x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.2.102mdk.x86_64.rpm
bc363f2c9b88261a3c5b02c15d0602a5  x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.2.102mdk.x86_64.rpm
4c7b1e938461c2919637fab4a56c1385  x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.2.102mdk.x86_64.rpm
8c4c5dace9c2c938a42cb6b9e6b5632f  x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.2.102mdk.x86_64.rpm
5a80b6838b2c801b2542aaacf2530767  x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.2.102mdk.x86_64.rpm
b7d2919c2c7aae6af042ee49f5cf02e6  x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.2.102mdk.x86_64.rpm
607abd1359be2164b57e4b9c69f8cc4f  x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.2.102mdk.x86_64.rpm
a676736f1b21bd03cacca254b2ede632  x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.2.102mdk.x86_64.rpm
2c771caff3e1d1d51a9b92b97fffd3c4  x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.2.102mdk.x86_64.rpm
5fd1df0e98c9e8216063b5445f0f7793  x86_64/10.2/RPMS/apache2-modules-2.0.53-9.2.102mdk.x86_64.rpm
45fbea3de4bcf57d751cc277d1ab4894  x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.2.102mdk.x86_64.rpm
344afa889c8eb9600f6a5c3064a12637  x86_64/10.2/RPMS/apache2-source-2.0.53-9.2.102mdk.x86_64.rpm
12f27ff5da9f84cfc21880bc241fad43  x86_64/10.2/RPMS/apache2-worker-2.0.53-9.2.102mdk.x86_64.rpm
8a16e42b311c162399f3ae97d0744bbc  x86_64/10.2/SRPMS/apache2-2.0.53-9.2.102mdk.src.rpm
9a0a2bd52a58f0ef58c5b0801487087a  x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.2.102mdk.src.rpm

10.0 amd64

 5959aa420b784a3c948a654f321cd2b9  amd64/10.0/RPMS/apache2-2.0.48-6.11.100mdk.amd64.rpm
111ac8f83281fb77a5dbc6736acacdb0  amd64/10.0/RPMS/apache2-common-2.0.48-6.11.100mdk.amd64.rpm
24ace7ff54ed9ca30ad63d2db911e488  amd64/10.0/RPMS/apache2-devel-2.0.48-6.11.100mdk.amd64.rpm
4d0c62200bcddbb537babe29ab8ee86a  amd64/10.0/RPMS/apache2-manual-2.0.48-6.11.100mdk.amd64.rpm
86bc78ee571b5e447d0db8178e0a4862  amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.11.100mdk.amd64.rpm
c7d69bd5d51eb9f234c818199fddbdea  amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.11.100mdk.amd64.rpm
4785b9e8da509317f018c582ea2fe9f4  amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.11.100mdk.amd64.rpm
ce00c70b1079da0a0a5432abc1d708a0  amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.11.100mdk.amd64.rpm
51e31767d8722fdd7e15fd7fc2c1bdde  amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.11.100mdk.amd64.rpm
562604623e02b8e4ad814dedb2c775eb  amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.11.100mdk.amd64.rpm
5f8bf2dab896c449e41702e400175d06  amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.11.100mdk.amd64.rpm
ea55786b6fc44014f08711fd6b94118e  amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.11.100mdk.amd64.rpm
0c4ee48682525c6c019ceaf7f3ffc21e  amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.11.100mdk.amd64.rpm
171cd403c98c5ffbc7085e458b52bbad  amd64/10.0/RPMS/apache2-modules-2.0.48-6.11.100mdk.amd64.rpm
f07995ed367ce585efa450d282a39f2a  amd64/10.0/RPMS/apache2-source-2.0.48-6.11.100mdk.amd64.rpm
7516f39fd25dfbe9df156d050cd5cf37  amd64/10.0/RPMS/lib64apr0-2.0.48-6.11.100mdk.amd64.rpm
8d29bf56013554140ee53950fcca9410  amd64/10.0/SRPMS/apache2-2.0.48-6.11.100mdk.src.rpm

10.2 i586

 181b063de484c836a09b4722f5062506  10.2/RPMS/apache2-2.0.53-9.2.102mdk.i586.rpm
1fec497d53d79ee8cc18a91d60986f87  10.2/RPMS/apache2-common-2.0.53-9.2.102mdk.i586.rpm
bcec08901215dc2e8848b877f04c23a0  10.2/RPMS/apache2-devel-2.0.53-9.2.102mdk.i586.rpm
f74f6cf726ab9108e617b9762388dd30  10.2/RPMS/apache2-manual-2.0.53-9.2.102mdk.i586.rpm
73772bfd561fc0ae7afb8eb374cc77d4  10.2/RPMS/apache2-mod_cache-2.0.53-9.2.102mdk.i586.rpm
39d5a0f538314926bc186071ca647425  10.2/RPMS/apache2-mod_dav-2.0.53-9.2.102mdk.i586.rpm
28226ee4f14f57a41dbbd91d83e9fdab  10.2/RPMS/apache2-mod_deflate-2.0.53-9.2.102mdk.i586.rpm
c252d21e6bcd0145152252f3f425aac4  10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.2.102mdk.i586.rpm
01bcf1dad802d65b8b4286f757561a0a  10.2/RPMS/apache2-mod_file_cache-2.0.53-9.2.102mdk.i586.rpm
c96c60e2f826aa9b6f1d639964541fd9  10.2/RPMS/apache2-mod_ldap-2.0.53-9.2.102mdk.i586.rpm
987c814d31bb5a7ef93d66902dfadbb4  10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.2.102mdk.i586.rpm
716e0be8b6f25d115b5ee01b5420db12  10.2/RPMS/apache2-mod_proxy-2.0.53-9.2.102mdk.i586.rpm
dd81510cb09113cdf2f9bc4acb4d4b1a  10.2/RPMS/apache2-mod_ssl-2.0.53-8.2.102mdk.i586.rpm
b9d81d6c8b1dcd45ae703b4507bdd3ac  10.2/RPMS/apache2-modules-2.0.53-9.2.102mdk.i586.rpm
51cb7958b2889d397d8d60d7f9a90a1b  10.2/RPMS/apache2-peruser-2.0.53-9.2.102mdk.i586.rpm
836bd59908b4db2796320ea09f5412a3  10.2/RPMS/apache2-source-2.0.53-9.2.102mdk.i586.rpm
d7d0f19642a1385224efc128d8081349  10.2/RPMS/apache2-worker-2.0.53-9.2.102mdk.i586.rpm
8a16e42b311c162399f3ae97d0744bbc  10.2/SRPMS/apache2-2.0.53-9.2.102mdk.src.rpm
9a0a2bd52a58f0ef58c5b0801487087a  10.2/SRPMS/apache2-mod_ssl-2.0.53-8.2.102mdk.src.rpm

10.1 i586

 9298f100a016ebf91e7ed2bb68ffa782  10.1/RPMS/apache2-2.0.50-7.4.101mdk.i586.rpm
c3c7c01a71aca7d898071fe38b9e0029  10.1/RPMS/apache2-common-2.0.50-7.4.101mdk.i586.rpm
06c7b2f7a0e294d7115472ec2795c6eb  10.1/RPMS/apache2-devel-2.0.50-7.4.101mdk.i586.rpm
3241deb8bfdce1d810552e1da4172eca  10.1/RPMS/apache2-manual-2.0.50-7.4.101mdk.i586.rpm
547d637c9af30e21159b7e5ca55f2e9e  10.1/RPMS/apache2-mod_cache-2.0.50-7.4.101mdk.i586.rpm
0d3b51a87cc28953a2f8e62a10060c78  10.1/RPMS/apache2-mod_dav-2.0.50-7.4.101mdk.i586.rpm
4a3e71db64f56229805ced06a2796143  10.1/RPMS/apache2-mod_deflate-2.0.50-7.4.101mdk.i586.rpm
7a14a53f7eb3c356c5f1aa377938e69d  10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.4.101mdk.i586.rpm
aa39ba4d397d0095a0854ee77ae72e1f  10.1/RPMS/apache2-mod_file_cache-2.0.50-7.4.101mdk.i586.rpm
a314cc48a755408e80bb9626e7a28731  10.1/RPMS/apache2-mod_ldap-2.0.50-7.4.101mdk.i586.rpm
b97420430cfd9190917dfb7a41e5f8d0  10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.4.101mdk.i586.rpm
5922f944a8fcf74ff0c9b45cffbb09f6  10.1/RPMS/apache2-mod_proxy-2.0.50-7.4.101mdk.i586.rpm
51111f25851c1bb2f4965070caf5ef0b  10.1/RPMS/apache2-mod_ssl-2.0.50-4.3.101mdk.i586.rpm
18d3410a2f360d821b60b46b3ec018a3  10.1/RPMS/apache2-modules-2.0.50-7.4.101mdk.i586.rpm
a5beb9688175b863ed6f6892bf23bed4  10.1/RPMS/apache2-source-2.0.50-7.4.101mdk.i586.rpm
bf038c8af8453bb09a25bd86d7a5d63f  10.1/RPMS/apache2-worker-2.0.50-7.4.101mdk.i586.rpm
02670d7f806c01e9733af31a5a829127  10.1/SRPMS/apache2-2.0.50-7.4.101mdk.src.rpm
bde0511732391a216ab69617740b1285  10.1/SRPMS/apache2-mod_ssl-2.0.50-4.3.101mdk.src.rpm

10.0 i586

 c3ed23adb5520b012f1c10bd631c6018  10.0/RPMS/apache2-2.0.48-6.11.100mdk.i586.rpm
f8761ef4e61ce7744b75c8a8de61cdf1  10.0/RPMS/apache2-common-2.0.48-6.11.100mdk.i586.rpm
de2e7f74e89ebb37a6ef718a12be902f  10.0/RPMS/apache2-devel-2.0.48-6.11.100mdk.i586.rpm
ed0b72d5309626b96c3c38f1015c2860  10.0/RPMS/apache2-manual-2.0.48-6.11.100mdk.i586.rpm
f65a339780a083298403712270bf517a  10.0/RPMS/apache2-mod_cache-2.0.48-6.11.100mdk.i586.rpm
9810ac0cdc1d6215c4704f29eb315d0e  10.0/RPMS/apache2-mod_dav-2.0.48-6.11.100mdk.i586.rpm
1ec5364b1fcacfe2a38a9ec1d25b114b  10.0/RPMS/apache2-mod_deflate-2.0.48-6.11.100mdk.i586.rpm
b82a66e437c462e401fd3722a465bcf4  10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.11.100mdk.i586.rpm
e0fddaa3c8655c76dddeaefb3e0570ac  10.0/RPMS/apache2-mod_file_cache-2.0.48-6.11.100mdk.i586.rpm
59363c9c0d6525b269a40f975f4a6259  10.0/RPMS/apache2-mod_ldap-2.0.48-6.11.100mdk.i586.rpm
5b43545c79965b11d7957e6adba2313e  10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.11.100mdk.i586.rpm
dfcdfb0d8650d7c930172a3a5db3f441  10.0/RPMS/apache2-mod_proxy-2.0.48-6.11.100mdk.i586.rpm
0ce6233be2b2e36b0b386497bf208bc7  10.0/RPMS/apache2-mod_ssl-2.0.48-6.11.100mdk.i586.rpm
70dacf1f98682b910d0eaffd8b8e0eb9  10.0/RPMS/apache2-modules-2.0.48-6.11.100mdk.i586.rpm
7c409711aa895c8ea8cd3e7518e57bcb  10.0/RPMS/apache2-source-2.0.48-6.11.100mdk.i586.rpm
9bad55274b504895e56c53311c6b549f  10.0/RPMS/libapr0-2.0.48-6.11.100mdk.i586.rpm
8d29bf56013554140ee53950fcca9410  10.0/SRPMS/apache2-2.0.48-6.11.100mdk.src.rpm

CS3.0 x86_64

 0a84ad543a6cf712509e12a0c013ab2a  x86_64/corporate/3.0/RPMS/apache2-2.0.48-6.11.C30mdk.x86_64.rpm
55b54f2b22a8f83e32fc73ec70f65f77  x86_64/corporate/3.0/RPMS/apache2-common-2.0.48-6.11.C30mdk.x86_64.rpm
02c191cae831d661661b579ca8e1c256  x86_64/corporate/3.0/RPMS/apache2-manual-2.0.48-6.11.C30mdk.x86_64.rpm
33fe9167e0a6d32d89161f8bed0bc814  x86_64/corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.11.C30mdk.x86_64.rpm
074cde9d633f8be9da84e0083650b18c  x86_64/corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.11.C30mdk.x86_64.rpm
4f6720edec1098c086840ce9bf299c07  x86_64/corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.11.C30mdk.x86_64.rpm
d080f16e0dd5ce782e3bf9e0090b4b90  x86_64/corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.11.C30mdk.x86_64.rpm
9b4be46d6b38c4e5532b34b8505a7bd8  x86_64/corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.11.C30mdk.x86_64.rpm
aa57fbec9ce8209025aacf4dcd810fab  x86_64/corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.11.C30mdk.x86_64.rpm
dd1c0390079c7417f9cb39b999644413  x86_64/corporate/3.0/RPMS/apache2-modules-2.0.48-6.11.C30mdk.x86_64.rpm
f1f046407392a27a740a5a63270b0ed3  x86_64/corporate/3.0/RPMS/lib64apr0-2.0.48-6.11.C30mdk.x86_64.rpm
d9878cfe7baf397d8380155859a44f94  x86_64/corporate/3.0/SRPMS/apache2-2.0.48-6.11.C30mdk.src.rpm

CS3.0 i586

 22e18eaab021cfccf717d5eaec082ab1  corporate/3.0/RPMS/apache2-2.0.48-6.11.C30mdk.i586.rpm
24c63b872a0a532910acd4e700f69a06  corporate/3.0/RPMS/apache2-common-2.0.48-6.11.C30mdk.i586.rpm
764978136b58e99af9c26d57ef6f3b31  corporate/3.0/RPMS/apache2-manual-2.0.48-6.11.C30mdk.i586.rpm
4295a667e7658163c7b3f90556adce47  corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.11.C30mdk.i586.rpm
001d15856d121400c0dcfb3b5a1e9f3c  corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.11.C30mdk.i586.rpm
7d9c3ea628e86fbe2385c07f2b04a69d  corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.11.C30mdk.i586.rpm
eb7869e4b3f2e73b0636e6b06fce364a  corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.11.C30mdk.i586.rpm
457a47ed2f7279f303cc2e9d86030cda  corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.11.C30mdk.i586.rpm
4f929704feed4dcb3c9c443f3bed01dd  corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.11.C30mdk.i586.rpm
f7738c77a130fbbae2ee44b3af16e4a0  corporate/3.0/RPMS/apache2-modules-2.0.48-6.11.C30mdk.i586.rpm
d131b9a5dcd101b61779ee0ce619d105  corporate/3.0/RPMS/libapr0-2.0.48-6.11.C30mdk.i586.rpm
d9878cfe7baf397d8380155859a44f94  corporate/3.0/SRPMS/apache2-2.0.48-6.11.C30mdk.src.rpm

10.1 x86_64

 cf3ffc2f4c6f77bef3fe9fdfbfa6ab18  x86_64/10.1/RPMS/apache2-2.0.50-7.4.101mdk.x86_64.rpm
0b859489be6190cc8864dd43ea25f6c9  x86_64/10.1/RPMS/apache2-common-2.0.50-7.4.101mdk.x86_64.rpm
f79e4889060bdaef1a0ba1f2e5e2d109  x86_64/10.1/RPMS/apache2-devel-2.0.50-7.4.101mdk.x86_64.rpm
9210487fb9bb2198ea9f7a344686ddfa  x86_64/10.1/RPMS/apache2-manual-2.0.50-7.4.101mdk.x86_64.rpm
2a003b0b92cf73dbd97357cdc83f7a80  x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.4.101mdk.x86_64.rpm
e9158f8904f42917b109d8c29a1eaef5  x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.4.101mdk.x86_64.rpm
7bc7ada5cb2e49eafacd58658a804e23  x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.4.101mdk.x86_64.rpm
3c2eb02ec0b6996b40ec2ed63ba0461b  x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.4.101mdk.x86_64.rpm
c5ef16ceace6b39b02980a2c1b2926db  x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.4.101mdk.x86_64.rpm
c8c0bd27d380053ae9639355a1879e12  x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.4.101mdk.x86_64.rpm
a0d9bb42c623783e2b69ace91ef8fe89  x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.4.101mdk.x86_64.rpm
4e01447b5b84020d1fef62334d134054  x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.4.101mdk.x86_64.rpm
b9452df883f869eb41ee8f1cbecbfe99  x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.3.101mdk.x86_64.rpm
f27ab73ba4c86da7d28185d01defa216  x86_64/10.1/RPMS/apache2-modules-2.0.50-7.4.101mdk.x86_64.rpm
f5b12191de96443e50de6d066e27bfa9  x86_64/10.1/RPMS/apache2-source-2.0.50-7.4.101mdk.x86_64.rpm
b9cec7a4e167a1f270452d4701447cb3  x86_64/10.1/RPMS/apache2-worker-2.0.50-7.4.101mdk.x86_64.rpm
02670d7f806c01e9733af31a5a829127  x86_64/10.1/SRPMS/apache2-2.0.50-7.4.101mdk.src.rpm
bde0511732391a216ab69617740b1285  x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.3.101mdk.src.rpm

References