July 2007
Mandriva Security Advisories
ID: 154
Ref: 99/2007
Date: 10 July 2007:16:16:08
Version: 1
Title: Mandriva Security Advisories
Abstract: Description of security vulnerabilities in console-tools, rpmdrake, postfix, MySQL, apache and mplayer
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Advisory MDKA-2007:077
http://www.mandriva.com/security/
_______________________________________________________________________
Package : console-tools
Date : July 4, 2007
Affected: 2007.0, 2007.1
_______________________________________________________________________
Problem Description:
The vt-is-UTF8 utility, included in the console-tools package and used by the
Mandriva initscripts, can hang, causing random problems such as preventing a
local/remote system reboot unless the user takes interactive action (#27948).
Also, when executed on a terminal other than a Linux vt, it can cause
errors and make the terminal unresponsive.
The updated packages fix both problems and also remove the setkeycodes limit,
a better fix for a previous issue already addressed (#21741).
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of
md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG
public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGjBC5mqjQ0CJFipgRAscCAJ0RSXJcYswXEZe5oGr7PipGP74fMgCeLrav
ad8Cs1ULhbPFuJwpNrrAi/w=
=DqHs
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Advisory MDKA-2007:078
http://www.mandriva.com/security/
_______________________________________________________________________
Package : rpmdrake
Date : July 4, 2007
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The rpmdrake package erroneously warned that it could not install some packages
from a DVD, due to read errors, while it did install them (bug #30463). This
update fixes this issue.
Also, this update makes the install/update progress dialog close
before displaying errors or .rpmnew files.
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGjBv+mqjQ0CJFipgRAhIXAKDCac9oW9zWrs1M1UNRie9kV+0ZcQCeN7RP
iDVoLnt8UlkN6qXd+PNoq4I=
=uUX2
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Advisory MDKA-2007:079
http://www.mandriva.com/security/
_______________________________________________________________________
Package : postfix
Date : July 4, 2007
Affected: 2007.0
_______________________________________________________________________
Problem Description:
This update to the postfix package fixes two bugs in the chroot script that
in some cases could have prevented postfix from working at all:
- The chroot script would malfunction if no postfix dynamic maps were installed
- The chroot script would not enforce a safe umask, and could create a
chroot with wrong permissions
This update also introduces all bugfixes from postfix release 2.3.6.
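The umask problem described above, as an added example that is not Mandriva's chroot script: a chroot populated under the caller's umask ends up unreadable (umask 077) or writable by others (umask 000), while an explicit umask gives a predictable result. The function names and the etc/ and lib/ layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Mandriva's chroot script. The etc/ and lib/ layout and the
# function names are assumptions made for illustration.

# Populate a chroot skeleton with whatever umask the caller happens to have
# (the behaviour the advisory describes).
build_chroot_inherit() {
    mkdir -p "$1/etc" "$1/lib" || return 1
    printf 'constructed sample file\n' > "$1/etc/services"
}

# Same work, but with an explicit umask set in a subshell, so the caller's
# own umask is neither used nor changed.
build_chroot() {
    (
        umask 022
        build_chroot_inherit "$1"
    )
}

# Print entries that are group- or world-writable, not world-readable, or
# (for directories) not world-searchable. Returns 0 when the tree is clean.
audit_chroot() {
    offenders=$(find "$1" ! -type l \( -perm -020 -o -perm -002 \
        -o ! -perm -004 -o \( -type d ! -perm -001 \) \) -print)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Demo on a throwaway directory: the same skeleton built with and without
# an enforced umask, starting from a restrictive caller umask.
demo=$(mktemp -d)
( umask 077; build_chroot_inherit "$demo/before" )
( umask 077; build_chroot "$demo/after" )
if audit_chroot "$demo/before" >/dev/null; then
    echo "before: clean"
else
    echo "before: wrong permissions inherited from umask 077"
fi
if audit_chroot "$demo/after" >/dev/null; then
    echo "after: clean with umask 022 enforced"
fi
rm -rf "$demo"
```

The audit only looks at mode bits; ownership requirements of a real Postfix chroot are outside what it checks.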
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGjCFfmqjQ0CJFipgRArPtAJ42rMw5FniPRH1tSv4rBgxgxZadEgCgu64c
E/5siVAy6+wL+z8qZthxoEA=
=KWCE
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:139
http://www.mandriva.com/security/
_______________________________________________________________________
Package : MySQL
Date : July 4, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
MySQL 5.x before 5.0.36 allows local users to cause a denial of service
(database crash) by performing information_schema table subselects and using
ORDER BY to sort a single-row result, which prevents certain structure
elements from being initialized and triggers a NULL dereference in the
filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux
2007.1. (CVE-2007-1420)
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial
of service (crash) via a crafted IF clause that results in a divide-by-zero
error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
Updated packages have been patched to prevent the above issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGi/ojmqjQ0CJFipgRAj4NAKCMFSHT8PkOglo8P86m1XiXTwUasQCfWnjl
9JQL+8BVj6JxMqm+UCYacFs=
=SIi1
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:140
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : July 4, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered in the Apache mod_status module that
could lead to a cross-site scripting attack on sites where the server-status
page was publicly accessible and ExtendedStatus was enabled
(CVE-2006-5752).
A vulnerability was found in the Apache mod_cache module that could cause
the httpd server child process to crash if it was sent a carefully crafted
request. This could lead to a denial of service if using a threaded MPM
(CVE-2007-1863).
The Apache server also did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the server could manipulate the scoreboard and cause arbitrary
processes to be terminated (CVE-2007-3304).
Updated packages have been patched to prevent the above issues.
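A configuration check for the mod_status precondition described above (public server-status page together with ExtendedStatus On), added here as an example and not taken from Mandriva or the Apache project. The function names and both sample configurations are constructed; the check is a heuristic over a single file and does not see restrictions inherited from enclosing sections.

```shell
#!/bin/sh
# Added example, not Mandriva or Apache project code. Heuristic audit of one
# httpd configuration file; function names and sample configs are constructed.

# audit_server_status FILE
# Prints a finding for each <Location> that enables the server-status handler
# without an access restriction. Returns 1 when such a block coexists with
# "ExtendedStatus On", 0 otherwise.
audit_server_status() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        line ~ /^extendedstatus[ \t]+on[ \t]*$/ { extended = 1 }
        line ~ /^<location[ \t]/ {
            inloc = 1; handler = 0; denyall = 0; allowall = 0; req = 0
            start = NR; next
        }
        inloc && line ~ /^sethandler[ \t]+server-status/ { handler = 1 }
        # Apache 2.2 style: Order deny,allow / Deny from all / Allow from <host>
        inloc && line ~ /^deny[ \t]+from[ \t]+all/  { denyall = 1 }
        inloc && line ~ /^allow[ \t]+from[ \t]+all/ { allowall = 1 }
        # Apache 2.4 style: any Require other than "Require all granted"
        inloc && line ~ /^require[ \t]/ && line !~ /^require[ \t]+all[ \t]+granted/ { req = 1 }
        inloc && line ~ /^<\/location>/ {
            if (handler && !((denyall && !allowall) || req)) {
                exposed++
                printf "line %d: server-status handler has no access restriction\n", start
            }
            inloc = 0
        }
        END {
            if (exposed && extended) {
                print "ExtendedStatus On with a public status page"
                exit 1
            }
        }
    ' "$1"
}

# Constructed sample: status page reachable by anyone, ExtendedStatus on.
write_exposed_conf() {
    cat > "$1" <<'EOF'
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>
EOF
}

# Constructed sample: same handler limited to localhost (Apache 2.2 syntax).
write_restricted_conf() {
    cat > "$1" <<'EOF'
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
EOF
}

# Demo on throwaway files.
demo=$(mktemp -d)
write_exposed_conf "$demo/exposed.conf"
write_restricted_conf "$demo/restricted.conf"
for f in "$demo/exposed.conf" "$demo/restricted.conf"; do
    if audit_server_status "$f"; then
        echo "$(basename "$f"): ok"
    else
        echo "$(basename "$f"): needs attention"
    fi
done
rm -rf "$demo"
```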
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of
md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG
public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS
Re00IyLecNs4MIGgsrv2qJE=
=5EEm
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:141
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : July 4, 2007
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered in the Apache mod_status module that
could lead to a cross-site scripting attack on sites where the server-status
page was publicly accessible and ExtendedStatus was enabled
(CVE-2006-5752).
A vulnerability was found in the Apache mod_cache module that could cause
the httpd server child process to crash if it was sent a carefully crafted
request. This could lead to a denial of service if using a threaded MPM
(CVE-2007-1863).
Updated packages have been patched to prevent the above issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGjEEPmqjQ0CJFipgRAuYaAJ49WMOSIRzYWAfA2I5MZqJ5UHOCiQCfWKIT
MjP/AAbsJuhDQISFHH01wow=
=xNXK
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:142
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : July 4, 2007
Affected: Corporate 3.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered in the Apache mod_status module that
could lead to a cross-site scripting attack on sites where the server-status
page was publicly accessible and ExtendedStatus was enabled
(CVE-2006-5752).
The Apache server also did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the server could manipulate the scoreboard and cause arbitrary
processes to be terminated (CVE-2007-3304).
Updated packages have been patched to prevent the above issues.
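The missing check described for CVE-2007-3304, sketched as an added example (not Mandriva's or Apache's patch): a PID read from a table that scripts can write to is validated before any signal is sent. The process-group comparison and the names checked_kill and demo are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: send `sig` to `pid` only if the PID, read from
 * storage that untrusted code could modify, still looks like one of the
 * caller's own children. Returns 0 on success, -1 with errno set. */
int checked_kill(pid_t pid, int sig)
{
    /* kill() treats 0, -1 and other negative values as "a whole process
     * group" or "every process"; PID 1 is init. None is a worker. */
    if (pid <= 1) {
        errno = EINVAL;
        return -1;
    }
    /* Children inherit the parent's process group, so a PID in another
     * group was not forked by this server (assumption: workers never
     * call setsid() or setpgid()). */
    pid_t pg = getpgid(pid);
    if (pg == (pid_t)-1)
        return -1;                  /* no such process: errno is ESRCH */
    if (pg != getpgrp()) {
        errno = EPERM;
        return -1;
    }
    return kill(pid, sig);
}

/* Constructed scenario: one forked worker that stays in our group, and one
 * process moved into its own group to stand in for an unrelated process
 * whose PID was planted in the shared table. Returns a bitmask of the
 * checks that behaved as intended (15 means all four). */
int demo(void)
{
    int passed = 0;
    pid_t worker = fork();
    if (worker < 0)
        return 0;
    if (worker == 0) { pause(); _exit(0); }

    pid_t other = fork();
    if (other == 0) { pause(); _exit(0); }
    if (other > 0)
        setpgid(other, other);      /* now outside our process group */

    if (checked_kill(worker, 0) == 0) passed |= 1;   /* real child */
    if (other > 0 && checked_kill(other, SIGTERM) == -1 && errno == EPERM)
        passed |= 2;                                 /* foreign process */
    if (checked_kill(0, SIGTERM) == -1 && errno == EINVAL) passed |= 4;
    if (checked_kill(-1, SIGTERM) == -1 && errno == EINVAL) passed |= 8;

    /* Clean up with PIDs we obtained from fork() ourselves. */
    kill(worker, SIGKILL);
    waitpid(worker, NULL, 0);
    if (other > 0) {
        kill(other, SIGKILL);
        waitpid(other, NULL, 0);
    }
    return passed;
}
```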
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGjEPymqjQ0CJFipgRAiqsAJ9/1qGMlTFhwawadwHNlrvwU0E82wCfWh1g
KiF+cUWLSzhCxnMa0dTB5UU=
=4/IQ
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:143
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mplayer
Date : July 10, 2007
Affected: 2007.0, 2007.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer
before 1.0rc1try3 allow remote attackers to execute arbitrary code via a
CDDB entry with a long (1) album title or (2) category.
Updated packages have been patched to prevent this issue.
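A length-checked parser for the kind of CDDB reply involved, as an added example (not MPlayer's code or Mandriva's patch): fields longer than their buffers are rejected instead of being copied. The buffer sizes, the struct and the function names are assumptions of this example, and the sample reply is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CATEGORY_MAX 32   /* assumed buffer sizes for this example */
#define TITLE_MAX    100

struct cddb_match {
    char category[CATEGORY_MAX];
    unsigned long disc_id;
    char title[TITLE_MAX];
};

/* Copy exactly len bytes plus a terminator, or fail if they do not fit.
 * An unbounded "%s" or strcpy() into a stack buffer has no such test. */
static int copy_field(char *dst, size_t dstsz, const char *src, size_t len)
{
    if (len == 0 || len >= dstsz)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse one exact-match reply: "200 <category> <discid> <title>".
 * Returns 0 on success, -1 if the line is malformed or a field is too
 * long; on failure *out may be partly filled and must not be used. */
int parse_cddb_match(const char *line, struct cddb_match *out)
{
    static const char hex[] = "0123456789abcdefABCDEF";
    const char *p = line;
    size_t n;

    if (strncmp(p, "200 ", 4) != 0)
        return -1;
    p += 4;

    n = strcspn(p, " \r\n");                 /* category token */
    if (p[n] != ' ' ||
        copy_field(out->category, sizeof out->category, p, n) != 0)
        return -1;
    p += n + 1;

    n = strcspn(p, " \r\n");                 /* disc ID: 8 hex digits */
    if (n != 8 || p[n] != ' ' || strspn(p, hex) != 8)
        return -1;
    out->disc_id = strtoul(p, NULL, 16);
    p += n + 1;

    n = strcspn(p, "\r\n");                  /* title: rest of the line */
    return copy_field(out->title, sizeof out->title, p, n);
}

int main(void)
{
    /* Constructed sample reply, not captured from a real server. */
    const char *reply = "200 rock f50a3b13 Example Artist / Example Album\r\n";
    struct cddb_match m;

    if (parse_cddb_match(reply, &m) != 0) {
        puts("rejected");
        return 1;
    }
    printf("%s %08lx %s\n", m.category, m.disc_id, m.title);
    return 0;
}
```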
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2948
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGky0GmqjQ0CJFipgRAlMNAJ9S0Y8nRlK9mZR9yDn8oQ3C7KiSTwCgt2w2
jRuM+Q/iusy2bfe9XlHXCxU=
=NSYO
-----END PGP SIGNATURE-----
___________________________________________________________________________
CPNI wishes to acknowledge the contributions of Mandriva for the
information contained in this advisory.
___________________________________________________________________________
This advisory contains information released by the original author. Some of
the information may have changed since it was released. If the issue affects
you, it may be prudent to retrieve the advisory from the site of the original
source to ensure that you receive the most current information concerning
that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply its
endorsement, recommendation, or favouring by CPNI. The views and opinions of
authors expressed within this notice shall not be used for advertising or
product endorsement purposes.
CPNI shall not accept responsibility for any errors or omissions
contained within this advisory. In particular, they shall not be liable for
any loss or damage whatsoever, arising from or in connection with the usage of
information contained within this advisory.
CPNI is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
___________________________________________________________________________