---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-177326
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177326
2006-01-19
---------------------------------------------------------------------

Name        : mod_auth_pgsql
Versions    : fc1: mod_auth_pgsql-2.0.1-3.1.legacy
Versions    : fc2: mod_auth_pgsql-2.0.1-4.2.legacy
Summary     : Basic authentication for the Apache Web server using a
              PostgreSQL database.
Description :
Mod_auth_pgsql can be used to limit access to documents served by a
Web server by checking fields in a table in a PostgresQL database.

---------------------------------------------------------------------
Update Information:

An updated mod_auth_pgsql package that fixes a format string flaw is
now available.

The mod_auth_pgsql package is an httpd module that allows user
authentication against information stored in a PostgreSQL database.

Several format string flaws were found in the way mod_auth_pgsql logs
information. It may be possible for a remote attacker to execute
arbitrary code as the 'apache' user if mod_auth_pgsql is used for user
authentication. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-3656 to this issue.

Please note that this issue only affects servers which have
mod_auth_pgsql installed and configured to perform user authentication
against a PostgreSQL database.

All users of mod_auth_pgsql should upgrade to these updated packages,
which contain a backported patch to resolve this issue.

---------------------------------------------------------------------
Changelogs

fc1:
* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-3.1.legacy
- The following fixes lifted wholesale from FC3's .src.rpm, (Legacy Bug
  #177326). Changes by Joe Orton of RedHat:
  * add security fix for CVE-2005-3656
  * don't strip .so file so debuginfo works
  * fix r->user handling (Mirko Streckenbach, #150087)
  * merge from Taroon (RHEL 3):
    - don't re-use database connections (#115496)
    - make functions static
    - downgrade "not configured" log message from warning to debug

fc2:
* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-4.2.legacy
- Rebuilt for FC2

* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-3.1.legacy
- The following fixes lifted wholesale from FC3's .src.rpm, (Legacy Bug
  #177326). Changes by Joe Orton of RedHat:
  * add security fix for CVE-2005-3656
  * don't strip .so file so debuginfo works
  * fix r->user handling (Mirko Streckenbach, #150087)
  * merge from Taroon (RHEL 3):
    - don't re-use database connections (#115496)
    - make functions static
    - downgrade "not configured" log message from warning to debug

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

e6ce19c8be5f4638e2050437c4529b0d4a0f5e1f
fedora/1/updates-testing/i386/mod_auth_pgsql-2.0.1-3.1.legacy.i386.rpm
119b3b6045eaa3b175ebe3d613daca8e9c81b35c
fedora/1/updates-testing/SRPMS/mod_auth_pgsql-2.0.1-3.1.legacy.src.rpm
8f9c2503b417db84b73483e6daca445c4789e4e4
fedora/2/updates-testing/i386/mod_auth_pgsql-2.0.1-4.2.legacy.i386.rpm
52aabaff10fb0f862e1b96199facb7da046e94dc
fedora/2/updates-testing/SRPMS/mod_auth_pgsql-2.0.1-4.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
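
The class of flaw this advisory describes (request data reaching a printf-style logger as its format string), shown beside the corrected pattern. This is an added illustration, not code from mod_auth_pgsql or from the advisory; log_error, build_errstr and both log_auth_failure_* functions are hypothetical names, and the user name is constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style server logger: formats into
 * `out` and returns the length the full message needs. */
static int log_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Assembles the message the way an auth module might. `user` comes from
 * the HTTP request, so it is attacker-controlled (assumed for this demo). */
static void build_errstr(char *errstr, size_t len, const char *user)
{
    snprintf(errstr, len, "password for user %s not found", user);
}

#ifdef SHOW_VULNERABLE
/* Flawed pattern: the assembled message is used AS the format string, so
 * conversion specifiers inside `user` are interpreted by the logger. */
int log_auth_failure_vulnerable(char *out, size_t outlen, const char *user)
{
    char errstr[256];
    build_errstr(errstr, sizeof errstr, user);
    return log_error(out, outlen, errstr);
}
#endif

/* Corrected pattern: constant format string, message passed as data. */
int log_auth_failure_fixed(char *out, size_t outlen, const char *user)
{
    char errstr[256];
    build_errstr(errstr, sizeof errstr, user);
    return log_error(out, outlen, "%s", errstr);
}

int main(void)
{
    char line[512];
    /* Constructed user name containing conversion specifiers. */
    log_auth_failure_fixed(line, sizeof line, "bob%s%x");
    puts(line);
    return 0;
}
```

The flawed variant is compiled only with -DSHOW_VULNERABLE so the default build contains just the corrected call.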