[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 599/05 - Mandriva - Security Advisories Mozilla (MDKSA-2005:128); Apache2 (MDKSA-2005:129); Apache (MDKSA-2005:130)



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 599/05 dated 04.08.05  Time: 09:37
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Mandriva Linux Security Advisories - 
Mozilla - MDKSA-2005:128
Apache2 - MDKSA-2005:129
Apache  - MDKSA-2005:130

Detail
====== 
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           mozilla
 Advisory ID:            MDKSA-2005:128
 Date:                   August 2nd, 2005

 Affected versions:	 10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities were reported and fixed in Mozilla 1.7.9.
 The following vulnerabilities have been backported and patched for
 this update:
 
 In several places the browser UI did not correctly distinguish between
 true user events, such as mouse clicks or keystrokes, and synthetic
 events genenerated by web content. The problems ranged from minor
 annoyances like switching tabs or entering full-screen mode, to a
 variant on MFSA 2005-34 Synthetic events are now prevented from
 reaching the browser UI entirely rather than depend on each potentially
 spoofed function to protect itself from untrusted events
 (MFSA 2005-45).
 
 Scripts in XBL controls from web content continued to be run even when
 Javascript was disabled. By itself this causes no harm, but it could be
 combined with most script-based exploits to attack people running
 vulnerable versions who thought disabling javascript would protect
 them.  In the Thunderbird and Mozilla Suite mail clients Javascript is
 disabled by default for protection against denial-of-service attacks
 and worms; this vulnerability could be used to bypass that protection
 (MFSA 2005-46).
 
 The InstallTrigger.install() method for launching an install accepts a
 callback function that will be called with the final success or error
 status. By forcing a page navigation immediately after calling the
 install method this callback function can end up running in the context
 of the new page selected by the attacker. This is true even if the user
 cancels the unwanted install dialog: cancel is an error status. This
 callback script can steal data from the new page such as cookies or
 passwords, or perform actions on the user's behalf such as make a
 purchase if the user is already logged into the target site.  In
 Firefox the default settings allow only http://addons.mozilla.org to
 bring up this install dialog. This could only be exploited if users
 have added questionable sites to the install whitelist, and if a
 malicious site can convince you to install from their site that's a
 much more powerful attack vector.  In the Mozilla Suite the whitelist
 feature is turned off by default, any site can prompt the user to
 install software and exploit this vulnerability.  The browser has been
 fixed to clear any pending callback function when switching to a new
 site (MFSA 2005-48).
 
 When InstallVersion.compareTo() is passed an object rather than a
 string it assumed the object was another InstallVersion without
 verifying it. When passed a different kind of object the browser would
 generally crash with an access violation.  shutdown has demonstrated
 that different javascript objects can be passed on some OS versions to
 get control over the instruction pointer. We assume this could be
 developed further to run arbitrary machine code if the attacker can get
 exploit code loaded at a predictable address (MFSA 2005-50).
 
 The original frame-injection spoofing bug was fixed in the Mozilla
 Suite 1.7 and Firefox 0.9 releases. This protection was accidentally
 bypassed by one of the fixes in the Firefox 1.0.3 and Mozilla Suite
 1.7.7 releases (MFSA 2005-51).
 
 A child frame can call top.focus() even if the framing page comes from
 a different origin and has overridden the focus() routine. The call is
 made in the context of the child frame. The attacker would look for a
 target site with a framed page that makes this call but doesn't verify
 that its parent comes from the same site. The attacker could steal
 cookies and passwords from the framed page, or take actions on behalf
 of a signed-in user. This attack would work only against sites that use
 frames in this manner (MFSA 2005-52).
 
 Alerts and prompts created by scripts in web pages are presented with
 the generic title [JavaScript Application] which sometimes makes it
 difficult to know which site created them. A malicious page could
 attempt to cause a prompt to appear in front of a trusted site in an
 attempt to extract information such as passwords from the user.  In the
 fixed version these prompts will contain the hostname from the page
 which created it (MFSA 2005-54).
 
 Parts of the browser UI relied too much on DOM node names without
 taking different namespaces into account and verifying that nodes
 really were of the expected type. An XHTML document could be used to
 create fake <IMG> elements, for example, with content-defined
 properties that the browser would access as if they were the trusted
 built-in properties of the expected HTML elements.  The severity of the
 vulnerability would depend on what the attacker could convince the
 victim to do, but could result in executing user-supplied script with
 elevated "chrome" privileges. This could be used to install malicious
 software on the victim's machine (MFSA 2005-55).
 
 Improper cloning of base objects allowed web content scripts to walk up
 the prototype chain to get to a privileged object.  This could be used
 to execute code with enhanced privileges (MFSA 2005-56).
 
 The updated packages have been patched to address these issue.  This
 update also brings the mozilla shipped in Mandriva Linux 10.1 to
 version 1.7.8 to ease maintenance.  As a result, new galeon and
 epiphany packages are also available for 10.1, and community contribs
 packages that are built against mozilla have been rebuilt and are
 also available via contribs.
 _______________________________________________________________________

 References:

  http://www.mozilla.org/security/announce/mfsa2005-45.html
  http://www.mozilla.org/security/announce/mfsa2005-46.html
  http://www.mozilla.org/security/announce/mfsa2005-48.html
  http://www.mozilla.org/security/announce/mfsa2005-50.html
  http://www.mozilla.org/security/announce/mfsa2005-51.html
  http://www.mozilla.org/security/announce/mfsa2005-52.html
  http://www.mozilla.org/security/announce/mfsa2005-54.html
  http://www.mozilla.org/security/announce/mfsa2005-55.html
  http://www.mozilla.org/security/announce/mfsa2005-56.html
  http://secunia.com/advisories/15489/
  http://secunia.com/advisories/15549/
  http://secunia.com/advisories/15601/
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 b1ed603e1d571bf55b35dcf3934715f0  10.1/RPMS/epiphany-1.2.8-4.3.101mdk.i586.rpm
 1b7a293fd2ad206ccbc8774c439c0a4f  10.1/RPMS/epiphany-devel-1.2.8-4.3.101mdk.i586.rpm
 b749ecba69520e77411144fb1019acd3  10.1/RPMS/galeon-1.3.17-3.3.101mdk.i586.rpm
 0f50b3f9e0c34be38517114f488da47e  10.1/RPMS/libnspr4-1.7.8-0.2.101mdk.i586.rpm
 c7e2ffd0049ee31f24462406990521be  10.1/RPMS/libnspr4-devel-1.7.8-0.2.101mdk.i586.rpm
 5afe6299791f9b02ebe9ca50ad5af4f2  10.1/RPMS/libnss3-1.7.8-0.2.101mdk.i586.rpm
 08dacfc4d6041f0ad91effb7620bfbb4  10.1/RPMS/libnss3-devel-1.7.8-0.2.101mdk.i586.rpm
 b13923d572288eaf34db5ce21f84ca8a  10.1/RPMS/mozilla-1.7.8-0.2.101mdk.i586.rpm
 f9434ca544adf8c81b5269206323e49d  10.1/RPMS/mozilla-devel-1.7.8-0.2.101mdk.i586.rpm
 bb6fa6a7a6320a494f7406c97d56e18b  10.1/RPMS/mozilla-dom-inspector-1.7.8-0.2.101mdk.i586.rpm
 a3f4980a03dba6247483413402605e1f  10.1/RPMS/mozilla-enigmail-1.7.8-0.2.101mdk.i586.rpm
 94d9b3e19fe4386918dba744691d5e23  10.1/RPMS/mozilla-enigmime-1.7.8-0.2.101mdk.i586.rpm
 904c348ecbee1bf452de597df8f59062  10.1/RPMS/mozilla-irc-1.7.8-0.2.101mdk.i586.rpm
 ff0ca565c69e6773fd83d8b7cc625245  10.1/RPMS/mozilla-js-debugger-1.7.8-0.2.101mdk.i586.rpm
 2a6f2bb208251f8d47697eb25e856d02  10.1/RPMS/mozilla-mail-1.7.8-0.2.101mdk.i586.rpm
 cdd099b62c2b2144ac9c9f129f1256f1  10.1/RPMS/mozilla-spellchecker-1.7.8-0.2.101mdk.i586.rpm
 b7f5fe1866b17d72281aacefce238eab  10.1/SRPMS/epiphany-1.2.8-4.3.101mdk.src.rpm
 8464ea621f75482c3a08fedb00729767  10.1/SRPMS/galeon-1.3.17-3.3.101mdk.src.rpm
 9c8dea4d7f4b532329afb3cc945c654b  10.1/SRPMS/mozilla-1.7.8-0.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 66b5ba7351c0dde849b78fb41720f7b3  x86_64/10.1/RPMS/epiphany-1.2.8-4.3.101mdk.x86_64.rpm
 8d6f0504e88642e71104aa38dfdb801d  x86_64/10.1/RPMS/epiphany-devel-1.2.8-4.3.101mdk.x86_64.rpm
 9ed6595f414b7595c3e8c6b5c70fc8cd  x86_64/10.1/RPMS/galeon-1.3.17-3.3.101mdk.x86_64.rpm
 e781ff913b57bb5f1becce7934d03691  x86_64/10.1/RPMS/lib64nspr4-1.7.8-0.2.101mdk.x86_64.rpm
 26c709082cb2a8dfc62603a5ee4226bc  x86_64/10.1/RPMS/lib64nspr4-devel-1.7.8-0.2.101mdk.x86_64.rpm
 0f50b3f9e0c34be38517114f488da47e  x86_64/10.1/RPMS/libnspr4-1.7.8-0.2.101mdk.i586.rpm
 2d53455b98bd04cc956bf76e7ca03fdf  x86_64/10.1/RPMS/lib64nss3-1.7.8-0.2.101mdk.x86_64.rpm
 fe938a6a0af7244498b117705185351c  x86_64/10.1/RPMS/lib64nss3-devel-1.7.8-0.2.101mdk.x86_64.rpm
 5afe6299791f9b02ebe9ca50ad5af4f2  x86_64/10.1/RPMS/libnss3-1.7.8-0.2.101mdk.i586.rpm
 6c4326edda0d2a238b10cceccafa315a  x86_64/10.1/RPMS/mozilla-1.7.8-0.2.101mdk.x86_64.rpm
 2e04f350de4c50d8ce0c08a8802358d3  x86_64/10.1/RPMS/mozilla-devel-1.7.8-0.2.101mdk.x86_64.rpm
 625797aba9d415f5a1e82f976491faf4  x86_64/10.1/RPMS/mozilla-dom-inspector-1.7.8-0.2.101mdk.x86_64.rpm
 a6b9add7c5e4a9047f53cae48d7cc8ad  x86_64/10.1/RPMS/mozilla-enigmail-1.7.8-0.2.101mdk.x86_64.rpm
 d8ec50e909d4870d8123ce945c4cf70e  x86_64/10.1/RPMS/mozilla-enigmime-1.7.8-0.2.101mdk.x86_64.rpm
 ea35499ad0e70efa833a3acf1ea4a2c1  x86_64/10.1/RPMS/mozilla-irc-1.7.8-0.2.101mdk.x86_64.rpm
 493381959561ef841fc6335cb8bdace8  x86_64/10.1/RPMS/mozilla-js-debugger-1.7.8-0.2.101mdk.x86_64.rpm
 d39ad6dbe8fb3684ae2fbc511dd227b4  x86_64/10.1/RPMS/mozilla-mail-1.7.8-0.2.101mdk.x86_64.rpm
 89ed0af6fbd5f8353bf0c359499280a3  x86_64/10.1/RPMS/mozilla-spellchecker-1.7.8-0.2.101mdk.x86_64.rpm
 b7f5fe1866b17d72281aacefce238eab  x86_64/10.1/SRPMS/epiphany-1.2.8-4.3.101mdk.src.rpm
 8464ea621f75482c3a08fedb00729767  x86_64/10.1/SRPMS/galeon-1.3.17-3.3.101mdk.src.rpm
 9c8dea4d7f4b532329afb3cc945c654b  x86_64/10.1/SRPMS/mozilla-1.7.8-0.2.101mdk.src.rpm

 Corporate 3.0:
 8481048cca68509bad7bec7298dbb984  corporate/3.0/RPMS/libnspr4-1.7.8-0.2.C30mdk.i586.rpm
 7bf9e70298786c06a13dd8cd07a85421  corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.2.C30mdk.i586.rpm
 1c07227eafcb128b05f885120aacaa94  corporate/3.0/RPMS/libnss3-1.7.8-0.2.C30mdk.i586.rpm
 c691c7d158de44ebc0123cbf30bb3ba1  corporate/3.0/RPMS/libnss3-devel-1.7.8-0.2.C30mdk.i586.rpm
 44df63b1c3460ad588e8b3f8834880b5  corporate/3.0/RPMS/mozilla-1.7.8-0.2.C30mdk.i586.rpm
 f1f9d9153ecbb4085680920b09cc7148  corporate/3.0/RPMS/mozilla-devel-1.7.8-0.2.C30mdk.i586.rpm
 710865bf9ed1fe59fe3f8bda48bc9330  corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.2.C30mdk.i586.rpm
 8b1830ef05ef943a6472aaf643feef5e  corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.2.C30mdk.i586.rpm
 b48ed83052a17e52b6fceaf326be1c78  corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.2.C30mdk.i586.rpm
 d87d974c52fb46bacc24920d8ca4f621  corporate/3.0/RPMS/mozilla-irc-1.7.8-0.2.C30mdk.i586.rpm
 115ce3ac351361140a8169b0b34db304  corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.2.C30mdk.i586.rpm
 43f2921fafc8c9d822d381380ea1b919  corporate/3.0/RPMS/mozilla-mail-1.7.8-0.2.C30mdk.i586.rpm
 9fa6f4ee933d024cf38caa5e0575d263  corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.2.C30mdk.i586.rpm
 2a768ee57f740885cf246a9e466c1b71  corporate/3.0/SRPMS/mozilla-1.7.8-0.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 9e3cdf2eeafbe11ff0c8509916661276  x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.2.C30mdk.x86_64.rpm
 6330410729f516564d598494f81a4a44  x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.2.C30mdk.x86_64.rpm
 d35b405b54428febe6d9545ef5104fce  x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.2.C30mdk.x86_64.rpm
 2b3e8b026301699e213492f34fe79428  x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.2.C30mdk.x86_64.rpm
 f28fc77e7d2af12c6579b0511fcad969  x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.2.C30mdk.x86_64.rpm
 218b54e477e066bcdc4500e8bdf90c13  x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.2.C30mdk.x86_64.rpm
 00c9c9d1bfca743e6be4edd1fab0fb5d  x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.2.C30mdk.x86_64.rpm
 23ccbc4b1d1572a0bda25c8497a83a5d  x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.2.C30mdk.x86_64.rpm
 3ae747ee09d81dcceb435032db500c41  x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.2.C30mdk.x86_64.rpm
 178e7551a893522351cdb633b3a251ff  x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.2.C30mdk.x86_64.rpm
 1431f59d6dfaabfcf9c74f0e52f30527  x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.2.C30mdk.x86_64.rpm
 996537a7b1b60bbe53557a1da658470a  x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.2.C30mdk.x86_64.rpm
 d95814a734933529dd23656837e080f9  x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.2.C30mdk.x86_64.rpm
 2a768ee57f740885cf246a9e466c1b71  x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC8GeZmqjQ0CJFipgRAivVAKCNvYuAeAB+Ygiwc5aq2P5mZmAotACg27oY
FjcBIx8uWUD+ikThITCswII=
=4AU1
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache2
 Advisory ID:            MDKSA-2005:129
 Date:                   August 3rd, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Marc Stern reported an off-by-one overflow in the mod_ssl CRL
 verification callback which can only be exploited if the Apache server
 is configured to use a malicious certificate revocation list
 (CAN-2005-1268).
 
 Watchfire reported a flaw that occured when using the Apache server as
 a HTTP proxy.  A remote attacker could send an HTTP request with both a
 "Transfer-Encoding: chunked" header and a "Content-Length" header which
 would cause Apache to incorrectly handle and forward the body of the
 request in a way that the receiving server processed it as a separate
 HTTP request.  This could be used to allow the bypass of web application
 firewall protection or lead to cross-site scripting (XSS) attacks
 (CAN-2005-2088).
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 db011ebbe2f6af2c15d5cc00a7ec57db  10.0/RPMS/apache2-2.0.48-6.9.100mdk.i586.rpm
 56be5a7ebf1a857fc850f12b8a966804  10.0/RPMS/apache2-common-2.0.48-6.9.100mdk.i586.rpm
 2a2a7659e74ca24b671e253e0b0a6739  10.0/RPMS/apache2-devel-2.0.48-6.9.100mdk.i586.rpm
 c275c2858a0cd53d869bbebefcf9aadc  10.0/RPMS/apache2-manual-2.0.48-6.9.100mdk.i586.rpm
 f1556470e4d676ae449890f748bb14d1  10.0/RPMS/apache2-mod_cache-2.0.48-6.9.100mdk.i586.rpm
 bd167f7e3d977275342cef51e91c2120  10.0/RPMS/apache2-mod_dav-2.0.48-6.9.100mdk.i586.rpm
 ce097a184f899faca51cccbc92c7a5cd  10.0/RPMS/apache2-mod_deflate-2.0.48-6.9.100mdk.i586.rpm
 2e5f211efdfa2e5d2d284742f936e074  10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.100mdk.i586.rpm
 31303fa7f3cc1fd1c62263180c78a2e2  10.0/RPMS/apache2-mod_file_cache-2.0.48-6.9.100mdk.i586.rpm
 b3038c4dee15fca38447895df92d21ec  10.0/RPMS/apache2-mod_ldap-2.0.48-6.9.100mdk.i586.rpm
 d2660486ae85e3d4b6891c1f90684191  10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.9.100mdk.i586.rpm
 5922750acc8dae9b452ed022eeb4506d  10.0/RPMS/apache2-mod_proxy-2.0.48-6.9.100mdk.i586.rpm
 1d8df60bf49e3347f0f902b17e8b4537  10.0/RPMS/apache2-mod_ssl-2.0.48-6.9.100mdk.i586.rpm
 1641514604f52069ccc72210e160202f  10.0/RPMS/apache2-modules-2.0.48-6.9.100mdk.i586.rpm
 6fa60c33625eb3b6ab78e3aef64b3402  10.0/RPMS/apache2-source-2.0.48-6.9.100mdk.i586.rpm
 e876c2150532f8516941fedad3d5f880  10.0/RPMS/libapr0-2.0.48-6.9.100mdk.i586.rpm
 fde6b2d1a9fea0cb99d965b1cc431de6  10.0/SRPMS/apache2-2.0.48-6.9.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 bc016b31f98ec4e7bbf34f4d987bf294  amd64/10.0/RPMS/apache2-2.0.48-6.9.100mdk.amd64.rpm
 793330fe7dde37952ec192cec49839a5  amd64/10.0/RPMS/apache2-common-2.0.48-6.9.100mdk.amd64.rpm
 85cb508e4d82f86ce27f227e84348266  amd64/10.0/RPMS/apache2-devel-2.0.48-6.9.100mdk.amd64.rpm
 a182c95d9e95707da1de2556107f3669  amd64/10.0/RPMS/apache2-manual-2.0.48-6.9.100mdk.amd64.rpm
 1e6bdb5e7bcbcfa148146e7318600519  amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.9.100mdk.amd64.rpm
 bfe3085c937a747721b53c19502bafa2  amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.9.100mdk.amd64.rpm
 68e8b111eefe41bbeec6d34ffe00c826  amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.9.100mdk.amd64.rpm
 2e1115aec2cea497b5871f0c632b7486  amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.100mdk.amd64.rpm
 4734d75962c456ceceaecc591aaa2ba7  amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.9.100mdk.amd64.rpm
 4d71b5036171d773f71618290496de05  amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.9.100mdk.amd64.rpm
 5e8263605352c365a5b533cea2af6482  amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.9.100mdk.amd64.rpm
 a1d4b30b9007d8ce6d3f14827f71105c  amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.9.100mdk.amd64.rpm
 c2a0cbf927cad0737273fc5c7376ae1f  amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.9.100mdk.amd64.rpm
 b25727c42f74d12f51016f2dbbc2877a  amd64/10.0/RPMS/apache2-modules-2.0.48-6.9.100mdk.amd64.rpm
 8488740c4bbf88228c94c85c69a179ff  amd64/10.0/RPMS/apache2-source-2.0.48-6.9.100mdk.amd64.rpm
 b6c8158c5f99c5700b351579749f5ed1  amd64/10.0/RPMS/lib64apr0-2.0.48-6.9.100mdk.amd64.rpm
 fde6b2d1a9fea0cb99d965b1cc431de6  amd64/10.0/SRPMS/apache2-2.0.48-6.9.100mdk.src.rpm

 Mandrakelinux 10.1:
 dfc22a83dc0fa3954130396056b3fcb4  10.1/RPMS/apache2-2.0.50-7.3.101mdk.i586.rpm
 5a957baf5d3b3a4e23c9f753209a7cb8  10.1/RPMS/apache2-common-2.0.50-7.3.101mdk.i586.rpm
 bbb22f539624def5a6834b3a2f41f151  10.1/RPMS/apache2-devel-2.0.50-7.3.101mdk.i586.rpm
 1f8f5bd9629ef5b1007239d264e0163b  10.1/RPMS/apache2-manual-2.0.50-7.3.101mdk.i586.rpm
 3e3d9a633fc64249a6c2ffc4a34312bd  10.1/RPMS/apache2-mod_cache-2.0.50-7.3.101mdk.i586.rpm
 7b4c85871bd02ca5a16285adb4b6b0e1  10.1/RPMS/apache2-mod_dav-2.0.50-7.3.101mdk.i586.rpm
 e9099625fdd18a375a2a5dfb50466a34  10.1/RPMS/apache2-mod_deflate-2.0.50-7.3.101mdk.i586.rpm
 a01faaa30912a50b8b05578bd09906db  10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.3.101mdk.i586.rpm
 e0afe6bcc497bc7675ca19e302edee54  10.1/RPMS/apache2-mod_file_cache-2.0.50-7.3.101mdk.i586.rpm
 d7625aae3dd70d31a4e018c47d8c752a  10.1/RPMS/apache2-mod_ldap-2.0.50-7.3.101mdk.i586.rpm
 2875579dbbb6fb2275888eb82edd2405  10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.3.101mdk.i586.rpm
 1038eaae39e9bf271c5e291cf2f1e9c2  10.1/RPMS/apache2-mod_proxy-2.0.50-7.3.101mdk.i586.rpm
 1180740c23a017aa18657b84ecbf3185  10.1/RPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.i586.rpm
 af7be1db9940b8a9cf6227365bfe4953  10.1/RPMS/apache2-modules-2.0.50-7.3.101mdk.i586.rpm
 de97b3d4332e1971d0a53f4556a56106  10.1/RPMS/apache2-source-2.0.50-7.3.101mdk.i586.rpm
 7478ba1527f37f5d0d45b09c6c956892  10.1/RPMS/apache2-worker-2.0.50-7.3.101mdk.i586.rpm
 7dfb5acdff36dbba754f553d52ad7fd0  10.1/SRPMS/apache2-2.0.50-7.3.101mdk.src.rpm
 59099063cd9ce08dd4919047a3fabbea  10.1/SRPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 9b123ac403579bddd160c2e004e4474a  x86_64/10.1/RPMS/apache2-2.0.50-7.3.101mdk.x86_64.rpm
 d177b0a39048150fdcbe1c76ca06b76c  x86_64/10.1/RPMS/apache2-common-2.0.50-7.3.101mdk.x86_64.rpm
 f0543159b56b949cefda9d371953710b  x86_64/10.1/RPMS/apache2-devel-2.0.50-7.3.101mdk.x86_64.rpm
 e5cd3e4d5783c9d9c8bc6e3507cbcf55  x86_64/10.1/RPMS/apache2-manual-2.0.50-7.3.101mdk.x86_64.rpm
 28cb57e08c8507632f33fb4f93bff147  x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.3.101mdk.x86_64.rpm
 10a1467eb3467f24d47c418fa474e354  x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.3.101mdk.x86_64.rpm
 2231db9e54fd0751c9535f65d92b8204  x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.3.101mdk.x86_64.rpm
 dd8055fed5ab3a973b7564bbda69b85b  x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.3.101mdk.x86_64.rpm
 99420a62c756726d1f2943dc114e2252  x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.3.101mdk.x86_64.rpm
 7f6b63a9aae218b5facac164cfc373df  x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.3.101mdk.x86_64.rpm
 f2c31e3c06f1a724452a312638e289e9  x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.3.101mdk.x86_64.rpm
 65ca005aa9da5ca0217bab1ab160e3f0  x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.3.101mdk.x86_64.rpm
 5e628b11db17519443b99ffbf9ee15d1  x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.x86_64.rpm
 87e0dcda381114284edcde89abad618b  x86_64/10.1/RPMS/apache2-modules-2.0.50-7.3.101mdk.x86_64.rpm
 c9129e8f3250b988a54f12422ae8b19e  x86_64/10.1/RPMS/apache2-source-2.0.50-7.3.101mdk.x86_64.rpm
 767b15ae30336bfd2234c1321f6f66d2  x86_64/10.1/RPMS/apache2-worker-2.0.50-7.3.101mdk.x86_64.rpm
 7dfb5acdff36dbba754f553d52ad7fd0  x86_64/10.1/SRPMS/apache2-2.0.50-7.3.101mdk.src.rpm
 59099063cd9ce08dd4919047a3fabbea  x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 1ca2ae50d22638a31c8af6c734a10708  10.2/RPMS/apache2-2.0.53-9.1.102mdk.i586.rpm
 cb37acc10b2cb54fd1c130eb9bc1c91b  10.2/RPMS/apache2-common-2.0.53-9.1.102mdk.i586.rpm
 81f76caa697c70bd1664f6b8d2240b48  10.2/RPMS/apache2-devel-2.0.53-9.1.102mdk.i586.rpm
 187ef5bee839462b228c27b0e3030bc1  10.2/RPMS/apache2-manual-2.0.53-9.1.102mdk.i586.rpm
 341212271ce65e34e45c6387cc8db140  10.2/RPMS/apache2-mod_cache-2.0.53-9.1.102mdk.i586.rpm
 80481386b09d14db6bc003fe63478d7b  10.2/RPMS/apache2-mod_dav-2.0.53-9.1.102mdk.i586.rpm
 35f7d8092a015ede56dc839e959b1b48  10.2/RPMS/apache2-mod_deflate-2.0.53-9.1.102mdk.i586.rpm
 5def4e1615db9c737bf2e0ddb3006e86  10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.1.102mdk.i586.rpm
 f583040aef7deaa580ab9ba62073d2bf  10.2/RPMS/apache2-mod_file_cache-2.0.53-9.1.102mdk.i586.rpm
 6f1e9594d1505ab09306a4c62f954465  10.2/RPMS/apache2-mod_ldap-2.0.53-9.1.102mdk.i586.rpm
 05b9a88df5ea49d99d39afca7406424f  10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.1.102mdk.i586.rpm
 93aefd71936b00b41b12ef94b2ce2846  10.2/RPMS/apache2-mod_proxy-2.0.53-9.1.102mdk.i586.rpm
 ed2df774035eb0dbe59068072aeeec79  10.2/RPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.i586.rpm
 7ee623fb31b7f376b39975dfee0f31c0  10.2/RPMS/apache2-modules-2.0.53-9.1.102mdk.i586.rpm
 59051fb0fe21645879fe0281e91db3e8  10.2/RPMS/apache2-peruser-2.0.53-9.1.102mdk.i586.rpm
 ad69e3d21133523c91636385000d3bda  10.2/RPMS/apache2-source-2.0.53-9.1.102mdk.i586.rpm
 a54b95b2c62f2fd8027576b26cf37c18  10.2/RPMS/apache2-worker-2.0.53-9.1.102mdk.i586.rpm
 2b0c98cc0b33008809b0598548449765  10.2/SRPMS/apache2-2.0.53-9.1.102mdk.src.rpm
 d661143590371366ed74be65d5e425ad  10.2/SRPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 e9af8fb208bd208b7ffa481643b8469b  x86_64/10.2/RPMS/apache2-2.0.53-9.1.102mdk.x86_64.rpm
 2cd3a72352db34a00186618d3f81b426  x86_64/10.2/RPMS/apache2-common-2.0.53-9.1.102mdk.x86_64.rpm
 44bfc9125cf981b85c58b4d7550444a7  x86_64/10.2/RPMS/apache2-devel-2.0.53-9.1.102mdk.x86_64.rpm
 3a5dcbd5883c8fd8b82fc29511ab49a4  x86_64/10.2/RPMS/apache2-manual-2.0.53-9.1.102mdk.x86_64.rpm
 966050237bfa99fb5b12c219c2c92828  x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.1.102mdk.x86_64.rpm
 c5b4cd5f4b13fa715f864b16fe93aa57  x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.1.102mdk.x86_64.rpm
 951c80d965d5d726c24c25dc1a8a16df  x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.1.102mdk.x86_64.rpm
 70e59f70873401e6f6860037b7e4aed3  x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.1.102mdk.x86_64.rpm
 2c908e5104d4b82e0f022f4ac626b4f2  x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.1.102mdk.x86_64.rpm
 21433e67d76597d40f861ccb4cbfe87a  x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.1.102mdk.x86_64.rpm
 0d0eb089f16df8bdae792a07afe14bcf  x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.1.102mdk.x86_64.rpm
 cdf79606f5a389626a617bb3c686da33  x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.1.102mdk.x86_64.rpm
 b4773216a19e79e54784f9e9ff096ddf  x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.x86_64.rpm
 7182963429a49b17c5bea219b04a2206  x86_64/10.2/RPMS/apache2-modules-2.0.53-9.1.102mdk.x86_64.rpm
 26c382f742185b98696043ef49477527  x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.1.102mdk.x86_64.rpm
 0a075ac9d255c6973696fbd8235b59a8  x86_64/10.2/RPMS/apache2-source-2.0.53-9.1.102mdk.x86_64.rpm
 095fef6176f224c42145827b344946f2  x86_64/10.2/RPMS/apache2-worker-2.0.53-9.1.102mdk.x86_64.rpm
 2b0c98cc0b33008809b0598548449765  x86_64/10.2/SRPMS/apache2-2.0.53-9.1.102mdk.src.rpm
 d661143590371366ed74be65d5e425ad  x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.1.102mdk.src.rpm

 Multi Network Firewall 2.0:
 1a18dfe450b2f222bd303d699f9d6ad2  mnf/2.0/RPMS/apache2-2.0.48-6.9.M20mdk.i586.rpm
 501464d0d433addc3bb4f40184c3c087  mnf/2.0/RPMS/apache2-common-2.0.48-6.9.M20mdk.i586.rpm
 88d2c5d67cc53bce6681e6c155c97a04  mnf/2.0/RPMS/apache2-mod_cache-2.0.48-6.9.M20mdk.i586.rpm
 59c231b8ca8fa4ac0e231e1cb0ab581d  mnf/2.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.M20mdk.i586.rpm
 30df96dcea309c22fa35501455692dc5  mnf/2.0/RPMS/apache2-mod_proxy-2.0.48-6.9.M20mdk.i586.rpm
 82ca0e9319ef4ce1c0e4035affbc3f77  mnf/2.0/RPMS/apache2-mod_ssl-2.0.48-6.9.M20mdk.i586.rpm
 69a57868e0bb930aa1f80a2a52ce66ed  mnf/2.0/RPMS/apache2-modules-2.0.48-6.9.M20mdk.i586.rpm
 d68d321fa52e1fda5740130d1bc73821  mnf/2.0/RPMS/libapr0-2.0.48-6.9.M20mdk.i586.rpm
 e23874e9cec97aa3f720d00fe9694619  mnf/2.0/SRPMS/apache2-2.0.48-6.9.M20mdk.src.rpm

 Corporate 3.0:
 1c89b3ad77c737313acb5f1d5f48129b  corporate/3.0/RPMS/apache2-2.0.48-6.9.C30mdk.i586.rpm
 35e9f3b14c4de61538770009015a9554  corporate/3.0/RPMS/apache2-common-2.0.48-6.9.C30mdk.i586.rpm
 55c0c1c976e29e79b44df58de2fea4ab  corporate/3.0/RPMS/apache2-manual-2.0.48-6.9.C30mdk.i586.rpm
 e65aa8841fc1a7bc3146c7370ca55e5b  corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.9.C30mdk.i586.rpm
 b6b5d352206a7643688e64d6a72219da  corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.9.C30mdk.i586.rpm
 2b281f5ab46acca21ead65966e46fbc4  corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.C30mdk.i586.rpm
 715c79fd4f46883621a099c4124a8f68  corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.9.C30mdk.i586.rpm
 64eca9c3242e64a98bbd7d0f20eb9ce0  corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.9.C30mdk.i586.rpm
 589a154565d218cfaecb31992df1516e  corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.9.C30mdk.i586.rpm
 5ee73292109ad86649cd7345de4a895d  corporate/3.0/RPMS/apache2-modules-2.0.48-6.9.C30mdk.i586.rpm
 19dca123d4f2680b42972c438d57c6c5  corporate/3.0/RPMS/libapr0-2.0.48-6.9.C30mdk.i586.rpm
 49e85703438cbe2e91a6c9cdf114b68c  corporate/3.0/SRPMS/apache2-2.0.48-6.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ecb414e090a0f9fa94286960b5802a18  x86_64/corporate/3.0/RPMS/apache2-2.0.48-6.9.C30mdk.x86_64.rpm
 af212e22e9fd393fc20a571ce7b5ef0a  x86_64/corporate/3.0/RPMS/apache2-common-2.0.48-6.9.C30mdk.x86_64.rpm
 dc68ff259e52b77291649ab877a4e8ca  x86_64/corporate/3.0/RPMS/apache2-manual-2.0.48-6.9.C30mdk.x86_64.rpm
 adc6238e04c25e2cacd27970c0c2127b  x86_64/corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.9.C30mdk.x86_64.rpm
 9487b688732a0da0ccef34527dac2b99  x86_64/corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.9.C30mdk.x86_64.rpm
 59f097e6e3f07b4ab9d98d8399da2a11  x86_64/corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.9.C30mdk.x86_64.rpm
 e2be8dce1adfb811af8a84595c5ab383  x86_64/corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.9.C30mdk.x86_64.rpm
 bfba74b829509c6031e5ba0bae21ebd7  x86_64/corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.9.C30mdk.x86_64.rpm
 5bf5d2e8968de23e9d80d187210ee1ba  x86_64/corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.9.C30mdk.x86_64.rpm
 c33572e8d8a3468531ee59f6e37e0f4f  x86_64/corporate/3.0/RPMS/apache2-modules-2.0.48-6.9.C30mdk.x86_64.rpm
 c9e65871380ca2fd72be75f532081bad  x86_64/corporate/3.0/RPMS/lib64apr0-2.0.48-6.9.C30mdk.x86_64.rpm
 49e85703438cbe2e91a6c9cdf114b68c  x86_64/corporate/3.0/SRPMS/apache2-2.0.48-6.9.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC8T1gmqjQ0CJFipgRAn6DAKDHB3K+s0nDuipxAA4F3XxbmKxp/QCdG3uN
xy77h+USZx+5zZ+MPFQMiic=
=z2MB
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache
 Advisory ID:            MDKSA-2005:130
 Date:                   August 3rd, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Watchfire reported a flaw that occured when using the Apache server as
 a HTTP proxy.  A remote attacker could send an HTTP request with both a
 "Transfer-Encoding: chunked" header and a "Content-Length" header which
 would cause Apache to incorrectly handle and forward the body of the
 request in a way that the receiving server processed it as a separate
 HTTP request.  This could be used to allow the bypass of web application
 firewall protection or lead to cross-site scripting (XSS) attacks
 (CAN-2005-2088).
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 7b647c45b60004470689faf9a461be6c  10.0/RPMS/apache-1.3.29-1.4.100mdk.i586.rpm
 8b185dee42649dd3a56d5cffdd47f31c  10.0/RPMS/apache-devel-1.3.29-1.4.100mdk.i586.rpm
 991592ab1cb3accd8456f748d8dd1d32  10.0/RPMS/apache-modules-1.3.29-1.4.100mdk.i586.rpm
 a8bc7aee751c8a84584fbcc45d24e5d1  10.0/RPMS/apache-source-1.3.29-1.4.100mdk.i586.rpm
 7dde17d7931fcbb2c24fdae964c7d2e1  10.0/SRPMS/apache-1.3.29-1.4.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 38a8d4da07d15367f3b6a47507edd4ef  amd64/10.0/RPMS/apache-1.3.29-1.4.100mdk.amd64.rpm
 fdb2f8fe48ac0f99dd7b06a77d6df5eb  amd64/10.0/RPMS/apache-devel-1.3.29-1.4.100mdk.amd64.rpm
 ac6018c0c08d7c2e77ae7df8744f5cf0  amd64/10.0/RPMS/apache-modules-1.3.29-1.4.100mdk.amd64.rpm
 0cc565a8b52aa6aaea33041a1a33b535  amd64/10.0/RPMS/apache-source-1.3.29-1.4.100mdk.amd64.rpm
 7dde17d7931fcbb2c24fdae964c7d2e1  amd64/10.0/SRPMS/apache-1.3.29-1.4.100mdk.src.rpm

 Mandrakelinux 10.1:
 37fd0fb92592efe5a3fe5d5fa89b0c8c  10.1/RPMS/apache-1.3.31-7.2.101mdk.i586.rpm
 3fcc7e95d9def7cb64aeb6d702563498  10.1/RPMS/apache-devel-1.3.31-7.2.101mdk.i586.rpm
 47a376032b85aeabc5370bebbac51e38  10.1/RPMS/apache-modules-1.3.31-7.2.101mdk.i586.rpm
 cd6757a1cc0270243fbc63c10508da0b  10.1/RPMS/apache-source-1.3.31-7.2.101mdk.i586.rpm
 99461fdd6a1955961867fa888cc68d8f  10.1/SRPMS/apache-1.3.31-7.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 ac16e81572c092fe5d6448df9442ca8e  x86_64/10.1/RPMS/apache-1.3.31-7.2.101mdk.x86_64.rpm
 28de6be2c20737d3819a787e310b2707  x86_64/10.1/RPMS/apache-devel-1.3.31-7.2.101mdk.x86_64.rpm
 c02b7724a815cfd4cd8e49a1fb016620  x86_64/10.1/RPMS/apache-modules-1.3.31-7.2.101mdk.x86_64.rpm
 8dca2b8497dd582eb732a23933e43a0f  x86_64/10.1/RPMS/apache-source-1.3.31-7.2.101mdk.x86_64.rpm
 99461fdd6a1955961867fa888cc68d8f  x86_64/10.1/SRPMS/apache-1.3.31-7.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 72a644da1a2b6ca9b108f169f0dcb683  10.2/RPMS/apache-1.3.33-6.1.102mdk.i586.rpm
 9b715d3b8013f3c475ccd2225a70989a  10.2/RPMS/apache-devel-1.3.33-6.1.102mdk.i586.rpm
 9eaa3fa994130d1de447cab50db7d66f  10.2/RPMS/apache-modules-1.3.33-6.1.102mdk.i586.rpm
 3a2908d244f78eb80f529f843ce5c1ac  10.2/RPMS/apache-source-1.3.33-6.1.102mdk.i586.rpm
 4711227c7c38a014663194c198913907  10.2/SRPMS/apache-1.3.33-6.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 d8d495e7b7fc8aa9c1fb15614ae04e34  x86_64/10.2/RPMS/apache-1.3.33-6.1.102mdk.x86_64.rpm
 830b2e4bf1b3f9a390c8e7a7846b1353  x86_64/10.2/RPMS/apache-devel-1.3.33-6.1.102mdk.x86_64.rpm
 a8b1adc69eaf5dc2b83bf49e84935a81  x86_64/10.2/RPMS/apache-modules-1.3.33-6.1.102mdk.x86_64.rpm
 38bd01fe2513c2c10499689d6fe4f1b1  x86_64/10.2/RPMS/apache-source-1.3.33-6.1.102mdk.x86_64.rpm
 4711227c7c38a014663194c198913907  x86_64/10.2/SRPMS/apache-1.3.33-6.1.102mdk.src.rpm

 Corporate Server 2.1:
 9ce162ffa4d94c527ab84e668ae17a78  corporate/2.1/RPMS/apache-1.3.26-7.4.C21mdk.i586.rpm
 4bddd4119a520be80ddd577c0f45acca  corporate/2.1/RPMS/apache-common-1.3.26-7.4.C21mdk.i586.rpm
 132604f1487d76a5f5d7ace3ee10c040  corporate/2.1/RPMS/apache-devel-1.3.26-7.4.C21mdk.i586.rpm
 920f9e8aa639db5e55224db2a75e908d  corporate/2.1/RPMS/apache-manual-1.3.26-7.4.C21mdk.i586.rpm
 fe919175f6898834f3372f20d76f55df  corporate/2.1/RPMS/apache-modules-1.3.26-7.4.C21mdk.i586.rpm
 64cf8b3d566d5010da1273f1ceeb9416  corporate/2.1/RPMS/apache-source-1.3.26-7.4.C21mdk.i586.rpm
 9a7d8ecb5a9530d17347c5490fe5df87  corporate/2.1/SRPMS/apache-1.3.26-7.4.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 0dffe139277b76e135e535b4bd4fa79a  x86_64/corporate/2.1/RPMS/apache-1.3.26-7.4.C21mdk.x86_64.rpm
 8226b7fd08c890401944c5aa490600d2  x86_64/corporate/2.1/RPMS/apache-common-1.3.26-7.4.C21mdk.x86_64.rpm
 69e8a4f73342352b52bf828b2304af18  x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-7.4.C21mdk.x86_64.rpm
 112bde1b90f4741699c5618894c61f99  x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-7.4.C21mdk.x86_64.rpm
 d732d8e462489a368d3c1b237b29570a  x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-7.4.C21mdk.x86_64.rpm
 b40b4e4b81a090015754136d8eeb2e58  x86_64/corporate/2.1/RPMS/apache-source-1.3.26-7.4.C21mdk.x86_64.rpm
 9a7d8ecb5a9530d17347c5490fe5df87  x86_64/corporate/2.1/SRPMS/apache-1.3.26-7.4.C21mdk.src.rpm

 Corporate 3.0:
 9b2d7101aa263e860ea3839260620fe6  corporate/3.0/RPMS/apache-1.3.29-1.4.C30mdk.i586.rpm
 be9d739b634cf93d229ad7b65bbf6c28  corporate/3.0/RPMS/apache-modules-1.3.29-1.4.C30mdk.i586.rpm
 7c9f246c832fec1cf3487e516ff334f4  corporate/3.0/SRPMS/apache-1.3.29-1.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 58bb5e99baa148f0bedf1d8982b3301f  x86_64/corporate/3.0/RPMS/apache-1.3.29-1.4.C30mdk.x86_64.rpm
 b7de432d1647f4ffe0661e9a921251dd  x86_64/corporate/3.0/RPMS/apache-modules-1.3.29-1.4.C30mdk.x86_64.rpm
 7c9f246c832fec1cf3487e516ff334f4  x86_64/corporate/3.0/SRPMS/apache-1.3.29-1.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC8T3amqjQ0CJFipgRAhcRAJ9SkX4ucOM7W6WZdSVDqvSNPfVkIwCg9KVb
kkzYIeE8rAfKpPdxKGbbKVY=
=fAs6
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBQvHUeYpao72zK539AQEyKAP+J+SXaKxykFGaI2g1RzJ7pQa2wOTWKSkv
8U9PXcz4afZWiDpK4guQyglJ6b+EXox/ElR2FBZepZRy8x9tk9IiR1CffFyibbe/
LX+iUa6i3KxtQmvTX25sDkYsTqOPkRcjsbFG4PUKzgUA3mwbbuljk1tJTnS679P7
Hhsjqr32n/c=
=+g+g
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________