-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:083 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache-mod_perl Date : April 11, 2007 Affected: 2006.0, 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 36fc6ebd1647bf1cd0d404f19342ad7e 2006.0/i586/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.i586.rpm 02dce36084140d70e829e47d960ea576 2006.0/i586/apache-mod_perl-devel-2.0.54_2.0.1-6.1.20060mdk.i586.rpm 0b880a7578f7f0d4378f9e21204696c9 2006.0/SRPMS/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: fa69d3b6658b440e244404c8a27dc31a 2006.0/x86_64/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.x86_64.rpm e2cd324ddefb059d9e15c7cf29378dd6 2006.0/x86_64/apache-mod_perl-devel-2.0.54_2.0.1-6.1.20060mdk.x86_64.rpm 0b880a7578f7f0d4378f9e21204696c9 2006.0/SRPMS/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.src.rpm Mandriva Linux 2007.0: a5144771fa71b818e2d89f8c417c5243 2007.0/i586/apache-mod_perl-2.0.2-8.1mdv2007.0.i586.rpm a165f6820d6c1ffd2cfc671aa2a44310 2007.0/i586/apache-mod_perl-devel-2.0.2-8.1mdv2007.0.i586.rpm a3829703a55a306a1132d496e63ec652 2007.0/SRPMS/apache-mod_perl-2.0.2-8.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: af928b60d4291c583bad0f4c04ca6169 2007.0/x86_64/apache-mod_perl-2.0.2-8.1mdv2007.0.x86_64.rpm e54445500f5ca4a28a3a4bbb2223d792 2007.0/x86_64/apache-mod_perl-devel-2.0.2-8.1mdv2007.0.x86_64.rpm a3829703a55a306a1132d496e63ec652 2007.0/SRPMS/apache-mod_perl-2.0.2-8.1mdv2007.0.src.rpm Mandriva Linux 2007.1: e52c43b0f7a66915e4c76aae38d3877b 2007.1/i586/apache-mod_perl-2.0.3-3.1mdv2007.1.i586.rpm 01fcca2beb3f2c79d9f4ac8aae13c631 2007.1/i586/apache-mod_perl-devel-2.0.3-3.1mdv2007.1.i586.rpm 3d752f5e1d08baf118da6ce8407a4ee7 2007.1/SRPMS/apache-mod_perl-2.0.3-3.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: e969fb39acb7ce53cf8528fbc6283a9d 2007.1/x86_64/apache-mod_perl-2.0.3-3.1mdv2007.1.x86_64.rpm 4d43ab40be1bd7b404866ae0af6e2663 2007.1/x86_64/apache-mod_perl-devel-2.0.3-3.1mdv2007.1.x86_64.rpm 3d752f5e1d08baf118da6ce8407a4ee7 2007.1/SRPMS/apache-mod_perl-2.0.3-3.1mdv2007.1.src.rpm Corporate 3.0: e5e446755e5b3b403e573ee356bd01be corporate/3.0/i586/HTML-Embperl-1.3.29_1.3.6-3.2.C30mdk.i586.rpm 1399d977fdae6085bc59102b8577c052 corporate/3.0/i586/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.i586.rpm c49b2f2564a381aa22dd02b9d4f7c607 corporate/3.0/i586/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.i586.rpm f2534e8cd62267e0cfffb147323e816c corporate/3.0/i586/apache2-mod_perl-devel-2.0.48_1.99_11-3.1.C30mdk.i586.rpm cd85d71d94598d066a912b57ea8b1534 corporate/3.0/i586/mod_perl-common-1.3.29_1.29-3.2.C30mdk.i586.rpm 32700fd599acc6d2e012f00155586bc1 corporate/3.0/i586/mod_perl-devel-1.3.29_1.29-3.2.C30mdk.i586.rpm 0ff32be9c7e314b93142b25c0ccfc3ff corporate/3.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.src.rpm 672b33503464c59bdda5025f1004ab0b corporate/3.0/SRPMS/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.src.rpm Corporate 3.0/X86_64: afc8e04510079792d9bf6a2c43dad3cf corporate/3.0/x86_64/HTML-Embperl-1.3.29_1.3.6-3.2.C30mdk.x86_64.rpm 35977f84e3a1ce37e0f5a50814675c7a corporate/3.0/x86_64/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.x86_64.rpm a8c7bd9351bcc6c83b204646df7bffdd corporate/3.0/x86_64/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.x86_64.rpm 397ad0e9ea70f6f0bcdae436b7dd4e53 corporate/3.0/x86_64/apache2-mod_perl-devel-2.0.48_1.99_11-3.1.C30mdk.x86_64.rpm 42c4e59c5174e84b7b7659de0f6d0b3e corporate/3.0/x86_64/mod_perl-common-1.3.29_1.29-3.2.C30mdk.x86_64.rpm 7acc7a6c50b41a4c9900910a0c1b3ec0 corporate/3.0/x86_64/mod_perl-devel-1.3.29_1.29-3.2.C30mdk.x86_64.rpm 0ff32be9c7e314b93142b25c0ccfc3ff corporate/3.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.src.rpm 672b33503464c59bdda5025f1004ab0b corporate/3.0/SRPMS/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.src.rpm Corporate 4.0: c7dbc8d2b1f4a7959cc8ba28b229512c corporate/4.0/i586/apache-mod_perl-2.0.2-8.1.20060mlcs4.i586.rpm 88e16a7e0755a3a1fe987f6f2c44336c corporate/4.0/i586/apache-mod_perl-devel-2.0.2-8.1.20060mlcs4.i586.rpm b540d29b6047b936c56df54fc112840a corporate/4.0/SRPMS/apache-mod_perl-2.0.2-8.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 737b44aec85fe3177a10c95e42394f08 corporate/4.0/x86_64/apache-mod_perl-2.0.2-8.1.20060mlcs4.x86_64.rpm f0244a54e2366d511486a2b4a0243ccb corporate/4.0/x86_64/apache-mod_perl-devel-2.0.2-8.1.20060mlcs4.x86_64.rpm b540d29b6047b936c56df54fc112840a corporate/4.0/SRPMS/apache-mod_perl-2.0.2-8.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGHRdnmqjQ0CJFipgRAmM3AJ0dCUFSNgHIopnkGxxq7QmSq14USACgzUh5 ZiE5MNK/HPOqatceHTXd/fk= =VF/5 -----END PGP SIGNATURE-----
