Package name
apache
Date
2008-01-16
Advisory ID
MDVSA-2008:015
Affected versions
CS3.0 i586, MNF2.0 i586, CS3.0 x86_64

Problem description

A number of vulnerabilities were found and fixed in the Apache 2.0.x
packages:

A flaw found in the mod_imagemap module could lead to a cross-site
scripting attack on sites where mod_imagemap was enabled and an
imagemap file was publicly available (CVE-2007-5000).

A flaw found in the mod_status module could lead to a cross-site
scripting attack on sites where mod_status was enabled and the status
pages were publicly available (CVE-2007-6388).

A flaw found in the mod_proxy_ftp module could lead to a cross-site
scripting attack against web browsers which do not correctly derive
the response character set following the rules in RFC 2616, on sites
where the mod_proxy_ftp module was enabled (CVE-2008-0005).

The updated packages have been patched to correct these issues.
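
Each flaw above applies only where the named module is enabled, so a quick
configuration check shows which hosts are exposed until the update is
installed. The script below is an added example, not part of the original
advisory: `audit` and `SAMPLE_CONF` are hypothetical names, the module
identifiers and the `Order`/`Deny` heuristic assume a stock Apache 2.0 layout,
and statically compiled modules are not detected.

```python
import re

# Modules behind the three flaws. On Apache 2.0.x mod_imagemap is built as
# mod_imap (imap_module), so both identifiers are checked.
MODULE_CVES = {"imap_module": "CVE-2007-5000", "imagemap_module": "CVE-2007-5000",
               "status_module": "CVE-2007-6388", "proxy_ftp_module": "CVE-2008-0005"}

def audit(conf_text):
    """Return sorted (cve, finding) tuples for one Apache config text."""
    loaded, open_status, block = set(), [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        load = re.match(r"LoadModule\s+(\S+)", line, re.I)
        start = re.match(r'<Location\s+"?([^">\s]+)"?\s*>', line, re.I)
        if load and load.group(1) in MODULE_CVES:
            loaded.add(load.group(1))
        elif start:
            block = {"path": start.group(1), "status": False, "deny_all": False}
        elif block and re.match(r"</Location>", line, re.I):
            # Heuristic: a status handler with no blanket deny counts as public.
            if block["status"] and not block["deny_all"]:
                open_status.append(block["path"])
            block = None
        elif block and re.match(r"SetHandler\s+server-status\b", line, re.I):
            block["status"] = True
        elif block and re.match(r"Deny\s+from\s+all\b", line, re.I):
            block["deny_all"] = True
    findings = [(MODULE_CVES[m], f"{m} is loaded") for m in loaded]
    if "status_module" in loaded:
        findings += [("CVE-2007-6388", f"{p} has no 'Deny from all'") for p in open_status]
    return sorted(findings)

# Constructed sample using Apache 2.0 access-control syntax.
SAMPLE_CONF = """
LoadModule status_module modules/mod_status.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
<Location /server-status>
    SetHandler server-status
</Location>
<Location /private-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
</Location>
"""

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```
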

Updated packages

CS3.0 i586


MNF2.0 i586


CS3.0 x86_64


References