Package name
apache
Date
2013-04-04
Advisory ID
MDVSA-2013:015-1
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in apache
(ASF HTTPD):

Various XSS (cross-site scripting vulnerability) flaws due to unescaped
hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap,
mod_ldap, and mod_proxy_ftp (CVE-2012-3499).

XSS (cross-site scripting vulnerability) in mod_proxy_balancer manager
interface (CVE-2012-4558).

Additionally the ASF bug 53219 was resolved which provides a way
to mitigate the CRIME attack vulnerability by disabling TLS-level
compression. Use the new directive SSLCompression on|off to enable or
disable TLS-level compression, by default SSLCompression is turned on.

The updated packages have been upgraded to the latest 2.2.24 version
which is not vulnerable to these issues.

Update:

Packages for Mandriva Business Server 1 is being provided.

Updated packages

MBS1 x86_64

 7509c635731abff8de4726b3f490a65a  mbs1/x86_64/apache-2.2.24-1.mbs1.x86_64.rpm
 c8d15d2347a4186119c59fe34ac83314  mbs1/x86_64/apache-devel-2.2.24-1.mbs1.x86_64.rpm
 e128a1f644d5d96fe4ad08c25278af59  mbs1/x86_64/apache-doc-2.2.24-1.mbs1.noarch.rpm
 f1a8fa36a6f42d9e75570c497a338a21  mbs1/x86_64/apache-htcacheclean-2.2.24-1.mbs1.x86_64.rpm
 b3637ef4aec30f46cef5b4cb6c70fb16  mbs1/x86_64/apache-mod_authn_dbd-2.2.24-1.mbs1.x86_64.rpm
 529da28cbb446db208c3416d57519c31  mbs1/x86_64/apache-mod_cache-2.2.24-1.mbs1.x86_64.rpm
 19cbba7b984d375755ab152af36fa085  mbs1/x86_64/apache-mod_dav-2.2.24-1.mbs1.x86_64.rpm
 1eccf69d4657a3dcc7e73d9fba4ab133  mbs1/x86_64/apache-mod_dbd-2.2.24-1.mbs1.x86_64.rpm
 4cd7e5cddc596281e925e45acf9f2745  mbs1/x86_64/apache-mod_deflate-2.2.24-1.mbs1.x86_64.rpm
 3336f3e2daf72b958e5dafb5212c3c33  mbs1/x86_64/apache-mod_disk_cache-2.2.24-1.mbs1.x86_64.rpm
 7b7ed707bb38b26061d755b981551da2  mbs1/x86_64/apache-mod_file_cache-2.2.24-1.mbs1.x86_64.rpm
 ad7cc8bd814d6fe7123edcd911acd61e  mbs1/x86_64/apache-mod_ldap-2.2.24-1.mbs1.x86_64.rpm
 ea30ba683d4a3c761424d85d127038e9  mbs1/x86_64/apache-mod_mem_cache-2.2.24-1.mbs1.x86_64.rpm
 273dec6dcaa57765722bc617054f4326  mbs1/x86_64/apache-mod_proxy-2.2.24-1.mbs1.x86_64.rpm
 1e2301a111dd7cef51544d46ee2fecd5  mbs1/x86_64/apache-mod_proxy_ajp-2.2.24-1.mbs1.x86_64.rpm
 bf87d20545719e432451c9af603acd26  mbs1/x86_64/apache-mod_proxy_scgi-2.2.24-1.mbs1.x86_64.rpm
 884fb55f90be44415f9cf8a67d2c25bc  mbs1/x86_64/apache-mod_reqtimeout-2.2.24-1.mbs1.x86_64.rpm
 ac91f11c0c7d4b15e30a7f08761a55db  mbs1/x86_64/apache-mod_ssl-2.2.24-1.mbs1.x86_64.rpm
 aa3ee3fd0993015a3ad21af92db10cf3  mbs1/x86_64/apache-mod_suexec-2.2.24-1.mbs1.x86_64.rpm
 bc99a7d1879fff69044d1e0ab716f6d4  mbs1/x86_64/apache-mod_userdir-2.2.24-1.mbs1.x86_64.rpm
 1ebcb5de0cdabdd483d03cd90b37e922  mbs1/x86_64/apache-mpm-event-2.2.24-1.mbs1.x86_64.rpm
 edd2a1509f2f4a0ef6db792db02d6d5f  mbs1/x86_64/apache-mpm-itk-2.2.24-1.mbs1.x86_64.rpm
 8f923499d4f47bd8de82621b15b7e2e0  mbs1/x86_64/apache-mpm-peruser-2.2.24-1.mbs1.x86_64.rpm
 de40119e6d0c18efcc5d42986bcbb92d  mbs1/x86_64/apache-mpm-prefork-2.2.24-1.mbs1.x86_64.rpm
 110746aad4564a1dba52be50c996c582  mbs1/x86_64/apache-mpm-worker-2.2.24-1.mbs1.x86_64.rpm
 a3d0a7163dbe01862ae830eac0ee81b8  mbs1/x86_64/apache-source-2.2.24-1.mbs1.noarch.rpm 
 509beb781e5871d20135d2407aa5cf07  mbs1/SRPMS/apache-2.2.24-1.mbs1.src.rpm

References