Software Engineering Institute

Notified:  September 26, 2001 Updated: December 05, 2001

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           apache
Date:                   November 27th, 2001
Original Advisory Date: September 18th, 2001
Advisory ID:            MDKSA-2001:077-1

Affected versions:      7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1
________________________________________________________________________

Problem Description:

 A problem exists with all Apache servers prior to version 1.3.19.  The
vulnerablity could allow directory indexing and path discovery on the
vulnerable servers with a custom crafted request consisting of a long
path name created artificially by using numerous slashes.  This can
cause modules to misbehave and return a listing of the directory
contents by avoiding the error page.

 Another vulnerability found by Procheckup (www.procheckup.com) was
that all directories, by default, were configured as browseable so
an attacker could list all files in the targeted directories.  As
well, Procheckup found that the perl-proxy/management software on
port 8200 would supply dangerous information to attackers due to
a perl status script that was enabled.  We have disabled directory
browsing by default and have disabled the perl status scripts.

Update:

 The previous updates for 7.2 had some problems with mod_perl
segfaulting and with mod_ssl under 7.1.  As well, ApacheJServ was not
included for 7.2 and 8.0.

 Other security fixes were introduced in Apache 1.3.22.  A vulnerability
in the split-logfile support program would allow any file with a .log
extension on the system to be written to due to a specially crafted
Host: header.

 This update provides Apache 1.3.22 for all supported platforms, and
the packages for 7.1, 7.2, and Corporate Server 1.0.1 now use the
same modular design as 8.0 and later versions. You will be unable to
safely upgrade these packages and will need to take a few very
important manual steps to ensure a proper upgrade (this is only
applicable to 7.2 and earlier distributions; this is not required for
8.0 and later):

  1) Stop apache (service httpd stop)
 2) Completely backup /etc/httpd/conf/*
 3) Backup /var/log/httpd (the uninstall scripts of the previous
    apache versions may remove the log files)
 4) Remove the currently installed apache, mod_perl, mod_ssl, and php
    packages from the system.  You can do this using:

       urpme apache; urpme php

     or (if you are using 7.2):

       urpme apache-common; urpme php

  5) Upgrade mm/mm-devel and (if you are upgrading 7.1 or Corporate
    Server) the new perl packages
 6) Install the download upgrade packages of apache components using
    "rpm -ivh *.rpm"
 7) Restore your /var/log/httpd backup
 8) Merge your configuration backups with the new config files (most
    notably you will need to edit commonhttpd.conf)
 9) Start apache (service httpd start)

 This update also introduces PHP 4.0.6 to Linux-Mandrake 7.1, 7.2, and
Corporate Server.
________________________________________________________________________

References:

  http://www.securityfocus.com/bid/2503
 http://bugs.apache.org/index.cgi/full/7848
 http://www.apacheweek.com/issues/01-09-28#security
 http://www.securityfocus.com/bid/3009
 http://www.procheckup.com/vulnerabilities/pr0107.html
________________________________________________________________________

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
 rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
 http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.

Linux-Mandrake 7.1:
a0c74b9f69ad117df32f94a44e08369d  7.1/RPMS/HTML-Embperl-1.3.22_1.3.3-1.4mdk.i586.rpm
a26976127fd8d6285857c7bdb404b056  7.1/RPMS/apache-1.3.22-1.4mdk.i586.rpm
ecf3c8ff4330e3b5f557f23e7335c58d  7.1/RPMS/apache-common-1.3.22-1.4mdk.i586.rpm
98db2dff731d5bfa36deda9007f49a75  7.1/RPMS/apache-conf-1.3.22-1.4mdk.i586.rpm
3d77b52f1f66b640c2cafe24d3dc00e3  7.1/RPMS/apache-devel-1.3.22-1.4mdk.i586.rpm
1f79ad246098b463aa7f06c46aacef50  7.1/RPMS/apache-manual-1.3.22-1.4mdk.i586.rpm
f27a75a23fc49cf367b1920e6adb2eea  7.1/RPMS/apache-mod_perl-1.3.22_1.25_01-1.4mdk.i586.rpm
96f81f246aeb359c5e3840df4f5291e5  7.1/RPMS/apache-modules-1.3.22-1.4mdk.i586.rpm
4ddb0422c7c4132303986ac4e4604b68  7.1/RPMS/apache-source-1.3.22-1.4mdk.i586.rpm
d498e15cf630a20200ef9c44628cbcbe  7.1/RPMS/apache-suexec-1.3.22-1.4mdk.i586.rpm
656ab9df6cf8390e68af9e9ceab1b99e  7.1/RPMS/mm-1.1.3-8.1mdk.i586.rpm
aacc6cc46078cf0ff77af06693484b9a  7.1/RPMS/mm-devel-1.1.3-8.1mdk.i586.rpm
b44090cf5650f623ddca48cf1d16d768  7.1/RPMS/mod_perl-common-1.3.22_1.25_01-1.4mdk.i586.rpm
db5afc42b3a3cf496b8ff34bb1d8dbd4  7.1/RPMS/mod_perl-devel-1.3.22_1.25_01-1.4mdk.i586.rpm
3bebfdfba378ffd53217ae1c921a0ba4  7.1/RPMS/mod_php-4.0.6-5.1mdk.i586.rpm
d45009a853fac9ed14a5aefe7343274c  7.1/RPMS/mod_ssl-2.8.5-1.4mdk.i586.rpm
7d6bc0c02175a89d82868f9c90b14c03  7.1/RPMS/mod_sxnet-1.2.4-1.4mdk.i586.rpm
81ac490000934a9b563af2f1f300d00e  7.1/RPMS/perl-5.600-17mdk.i586.rpm
e9cc54bdd262fb04f8898a4b2b4c5dbf  7.1/RPMS/perl-base-5.600-17mdk.i586.rpm
d67e860357ba7e4b539febd73067614f  7.1/RPMS/perl-devel-5.600-17mdk.i586.rpm
4bd07a25bc52e054bbbf0cc7ee487b20  7.1/RPMS/php-4.0.6-5.1mdk.i586.rpm
f258835ad065fa5b0ccb5ae200909bd2  7.1/RPMS/php-common-4.0.6-5.1mdk.i586.rpm
412fd9e43315da1639705fc938610721  7.1/RPMS/php-dba_gdbm_db2-4.0.6-4.1mdk.i586.rpm
80e54093258c0ad73448c2fa304fd44e  7.1/RPMS/php-devel-4.0.6-5.1mdk.i586.rpm
f71c43dd49265c3ff19285705b4917f7  7.1/RPMS/php-gd-4.0.6-2.1mdk.i586.rpm
e2a8512f05f092490ba55bba23099931  7.1/RPMS/php-imap-4.0.6-2.1mdk.i586.rpm
73b085e96f3626ea900e2db04b216447  7.1/RPMS/php-ldap-4.0.6-3.1mdk.i586.rpm
339b190be55a37cc339ac74890eeca09  7.1/RPMS/php-manual_en-4.0.6-1.1mdk.i586.rpm
6fd7c59d5eb7923cbaa41941e6d60639  7.1/RPMS/php-mysql-4.0.6-3.1mdk.i586.rpm
ca9b50b2607cc74290dff5059679b3ee  7.1/RPMS/php-pgsql-4.0.6-3.1mdk.i586.rpm
b3ef0ae443fa565cea495540e8f3a2f9  7.1/RPMS/php-readline-4.0.6-2.1mdk.i586.rpm
e88d8db2d3eb08a9ba5d734ba70afea5  7.1/SRPMS/apache-1.3.22-1.4mdk.src.rpm
1f10d0440606e3fa12162ef7d90445e9  7.1/SRPMS/apache-conf-1.3.22-1.4mdk.src.rpm
520f1bbfb86bbc821dbbead04acb21f8  7.1/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.4mdk.src.rpm
8907e70b755a10ec3373cefbd5ba2f06  7.1/SRPMS/mm-1.1.3-8.1mdk.src.rpm
776d3967170249f7b9f6e834247dab9b  7.1/SRPMS/mod_php-4.0.6-5.1mdk.src.rpm
95b0e84c9959ce648d0d32a2429bb446  7.1/SRPMS/mod_ssl-2.8.5-1.4mdk.src.rpm
ea836a7af8a82d466d7e44bc8672d36a  7.1/SRPMS/mod_sxnet-1.2.4-1.4mdk.src.rpm
0734fd60f0c0e240b75cac1d2aeeca0b  7.1/SRPMS/perl-5.600-17mdk.src.rpm
fb3721213ead8f4203e75bbca0f1a6fb  7.1/SRPMS/php-4.0.6-5.1mdk.src.rpm
66206da40ebfbbae1dee8b827a452f6c  7.1/SRPMS/php-dba_gdbm_db2-4.0.6-4.1mdk.src.rpm
96e6b5b2e3bc0e80cb4b0dddfbb6d625  7.1/SRPMS/php-gd-4.0.6-2.1mdk.src.rpm
cad47e6fc08748e0df4906bebc405488  7.1/SRPMS/php-imap-4.0.6-2.1mdk.src.rpm
206ca1678d9a2f6b8133ee321e2a948f  7.1/SRPMS/php-ldap-4.0.6-3.1mdk.src.rpm
d7e5c28911385fe0d571f72d4f8d887e  7.1/SRPMS/php-manual_en-4.0.6-1.1mdk.src.rpm
6c06362fc536f070f8fd9a9784c1dcac  7.1/SRPMS/php-mysql-4.0.6-3.1mdk.src.rpm
7fa7e174ef947b6c9dfb623fa28f6fd0  7.1/SRPMS/php-pgsql-4.0.6-3.1mdk.src.rpm
01b22613672059703e681dd5c004e3f6  7.1/SRPMS/php-readline-4.0.6-2.1mdk.src.rpm

Linux-Mandrake 7.2:
801122cf689e7eb01e7766972bbd9e77  7.2/RPMS/ApacheJServ-1.1.2-6.2mdk.i586.rpm
a66ab3c6031cfd0c308d56f4e1f584fb  7.2/RPMS/HTML-Embperl-1.3.22_1.3.3-1.3mdk.i586.rpm
f734630ab88911363b4512bfe5ff945a  7.2/RPMS/apache-1.3.22-1.3mdk.i586.rpm
9c4a404cb9463b9a8b9dbf35367c1b2d  7.2/RPMS/apache-common-1.3.22-1.3mdk.i586.rpm
709620bd7fe0a05f58d14d3c59071707  7.2/RPMS/apache-conf-1.3.22-1.3mdk.i586.rpm
5d45f160a65c184e0b2becfa32599082  7.2/RPMS/apache-devel-1.3.22-1.3mdk.i586.rpm
aff009a002b12c839deac63be8c978d2  7.2/RPMS/apache-manual-1.3.22-1.3mdk.i586.rpm
5f14f8ed47f3bb77610c139659822bca  7.2/RPMS/apache-mod_perl-1.3.22_1.25_01-1.3mdk.i586.rpm
61a009c24a350c340777b2aa807287e2  7.2/RPMS/apache-modules-1.3.22-1.3mdk.i586.rpm
fa5319fcad355bbd068021dadfd3b46b  7.2/RPMS/apache-source-1.3.22-1.3mdk.i586.rpm
439f559d1758f7243ab5c198f6c7a9e9  7.2/RPMS/apache-suexec-1.3.22-1.3mdk.i586.rpm
55e269403950e662d1e7d8678caa2167  7.2/RPMS/mm-1.1.3-8.2mdk.i586.rpm
3cc975f6329fd90d4a5ba4b73d02ced5  7.2/RPMS/mm-devel-1.1.3-8.2mdk.i586.rpm
d3abee4610ab4c9e19d5a9c6024c2d38  7.2/RPMS/mod_perl-common-1.3.22_1.25_01-1.3mdk.i586.rpm
490c01caf911d38cd4d8103a6474614f  7.2/RPMS/mod_perl-devel-1.3.22_1.25_01-1.3mdk.i586.rpm
9b5b8ac2534ea2ed44c2f89b0c73f8ba  7.2/RPMS/mod_php-4.0.6-5.2mdk.i586.rpm
fb287d6b5ab738136945e6ab6f4299e6  7.2/RPMS/mod_ssl-2.8.5-1.3mdk.i586.rpm
00f20cf1ee73c9145446084d86e10916  7.2/RPMS/mod_sxnet-1.2.4-1.3mdk.i586.rpm
24d60a91811067c18ae1c01aa52f8a42  7.2/RPMS/php-4.0.6-5.2mdk.i586.rpm
227d743023186b863fa59ef24e298014  7.2/RPMS/php-common-4.0.6-5.2mdk.i586.rpm
1d9f297b464f09e8aebadbddfc21415c  7.2/RPMS/php-dba_gdbm_db2-4.0.6-4.2mdk.i586.rpm
fc0909e1515aa614e2866e9bd18cc5e9  7.2/RPMS/php-devel-4.0.6-5.2mdk.i586.rpm
8ae34cca1880ac0c9dd0be74d31afd27  7.2/RPMS/php-gd-4.0.6-2.2mdk.i586.rpm
b6563e59388d61f9df14b77ac0cf9366  7.2/RPMS/php-imap-4.0.6-2.2mdk.i586.rpm
dda2a9cb09eea792c0dc37027b41bd32  7.2/RPMS/php-ldap-4.0.6-3.2mdk.i586.rpm
b7bdcd81a3988798181452a3c31478bc  7.2/RPMS/php-manual_en-4.0.6-1.2mdk.i586.rpm
45be15de48bdc7e8d06f3a1e6532044a  7.2/RPMS/php-mysql-4.0.6-3.2mdk.i586.rpm
d543cd0288e7a1227580fffbff80bc3f  7.2/RPMS/php-pgsql-4.0.6-3.2mdk.i586.rpm
c8850f691ca2d7c75048aa22609da06a  7.2/RPMS/php-readline-4.0.6-2.2mdk.i586.rpm
5878420df174676faaab784a8259c02d  7.2/SRPMS/ApacheJServ-1.1.2-6.2mdk.src.rpm
6480f176f7c1cc4f74701963d37272cf  7.2/SRPMS/apache-1.3.22-1.3mdk.src.rpm
2169c578e60c7e7f277dff53b213b09e  7.2/SRPMS/apache-conf-1.3.22-1.3mdk.src.rpm
6cb19bd40d3ae97ecdbb46c8f88983aa  7.2/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.3mdk.src.rpm
546c1784c586b928cea91e4a09812209  7.2/SRPMS/mm-1.1.3-8.2mdk.src.rpm
2ed3f78b4718e58575f4dac14d88799a  7.2/SRPMS/mod_php-4.0.6-5.2mdk.src.rpm
5faf69691ee6855038599d3e125af406  7.2/SRPMS/mod_ssl-2.8.5-1.3mdk.src.rpm
f9f390b0f4c58c205d563911ddfda422  7.2/SRPMS/mod_sxnet-1.2.4-1.3mdk.src.rpm
b682a69cbaf5e5643748e8440bc7771c  7.2/SRPMS/php-4.0.6-5.2mdk.src.rpm
cdb51abb201c505862564efdc845403b  7.2/SRPMS/php-dba_gdbm_db2-4.0.6-4.2mdk.src.rpm
ee2cc2f1bd3cdb57fdcf621010233475  7.2/SRPMS/php-gd-4.0.6-2.2mdk.src.rpm
bde017f5772953831291fdc5589f5a32  7.2/SRPMS/php-imap-4.0.6-2.2mdk.src.rpm
f16fd04629e75090d97f4d9f0a861435  7.2/SRPMS/php-ldap-4.0.6-3.2mdk.src.rpm
6e3ce91674a3fa179e0b5cbf3ec6b4d6  7.2/SRPMS/php-manual_en-4.0.6-1.2mdk.src.rpm
58cff799b1a226ed194b49337a98b935  7.2/SRPMS/php-mysql-4.0.6-3.2mdk.src.rpm
a29ba3759128da2ecc4a6ef2b5fec091  7.2/SRPMS/php-pgsql-4.0.6-3.2mdk.src.rpm
545d6c2866406a557f7ff86cd701397f  7.2/SRPMS/php-readline-4.0.6-2.2mdk.src.rpm

Mandrake Linux 8.0:
fe143a1dbf0859cea63d6c58609c7662  8.0/RPMS/ApacheJServ-1.1.2-6.3mdk.i586.rpm
3fac1685955e659b8518ded546d2d04b  8.0/RPMS/HTML-Embperl-1.3.22_1.3.3-1.2mdk.i586.rpm
cf5dda6f0ed91a1459bd1fb031ea336b  8.0/RPMS/apache-1.3.22-1.2mdk.i586.rpm
ae468745a38484cbe54648415f413934  8.0/RPMS/apache-common-1.3.22-1.2mdk.i586.rpm
a0ce3a665fdbf577c38928fea2acff08  8.0/RPMS/apache-conf-1.3.22-1.2mdk.i586.rpm
0762398b203d68e39be433978e9f6b35  8.0/RPMS/apache-devel-1.3.22-1.2mdk.i586.rpm
74884229bf9da460e2e38f9479dcd3de  8.0/RPMS/apache-manual-1.3.22-1.2mdk.i586.rpm
9d24b0449c251111990c641161daf0b9  8.0/RPMS/apache-mod_perl-1.3.22_1.25_01-1.2mdk.i586.rpm
10751958ee0792d4cba523f56c04297a  8.0/RPMS/apache-modules-1.3.22-1.2mdk.i586.rpm
e70c94d028c64d87eb7babefebcecae4  8.0/RPMS/apache-source-1.3.22-1.2mdk.i586.rpm
7bf73fbe5c942f345d47273bc56e39e4  8.0/RPMS/apache-suexec-1.3.22-1.2mdk.i586.rpm
47ea80c0f1c55e76ac943c20dc6030a3  8.0/RPMS/mod_frontpage-1.5.1-5.2mdk.i586.rpm
2ff1581456a758999a6e60546e11c4ee  8.0/RPMS/mod_perl-common-1.3.22_1.25_01-1.2mdk.i586.rpm
f63912bd18764c9f1970acdb47622f2d  8.0/RPMS/mod_perl-devel-1.3.22_1.25_01-1.2mdk.i586.rpm
bf919188b77bd6e82eec229707839abb  8.0/RPMS/mod_php-4.0.6-3.2mdk.i586.rpm
542cdc4d7876f03374a4545653bb8141  8.0/RPMS/mod_ssl-2.8.5-1.2mdk.i586.rpm
84e812c6278b3dd7cc40a76eb96c2a01  8.0/RPMS/mod_sxnet-1.2.4-1.2mdk.i586.rpm
17559ce3c7c92441da5d342e92ae552d  8.0/SRPMS/ApacheJServ-1.1.2-6.3mdk.src.rpm
c6032d96a2d5cd09b969f6fe6da9ce1b  8.0/SRPMS/apache-1.3.22-1.2mdk.src.rpm
83179487059a65dc2d5afd281a9b9af5  8.0/SRPMS/apache-conf-1.3.22-1.2mdk.src.rpm
123e12b8e2d179f1ebefaa9a7149c497  8.0/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.2mdk.src.rpm
0f89aa1741c44814d3291813a92d7915  8.0/SRPMS/mod_frontpage-1.5.1-5.2mdk.src.rpm
dc927153d4430bc09a0173fb65c74867  8.0/SRPMS/mod_php-4.0.6-3.2mdk.src.rpm
6f3829348e2eb94680b93876bdb4ebca  8.0/SRPMS/mod_ssl-2.8.5-1.2mdk.src.rpm
70036be62dec65cd78777dc638e87866  8.0/SRPMS/mod_sxnet-1.2.4-1.2mdk.src.rpm

Mandrake Linux 8.0 (PPC):
e571c1875eb9497bbf3f99cd192d1754  ppc/8.0/RPMS/HTML-Embperl-1.3.22_1.3.3-1.2mdk.ppc.rpm
5ceed1e9517aa7ea4539a66261b3d07c  ppc/8.0/RPMS/apache-1.3.22-1.2mdk.ppc.rpm
24701866a0a9ce02b5f1fc0a635f8940  ppc/8.0/RPMS/apache-common-1.3.22-1.2mdk.ppc.rpm
3d3c25f15f60c007fe4c892f019de3a2  ppc/8.0/RPMS/apache-conf-1.3.22-1.2mdk.ppc.rpm
d55f8d8da77bf935c96f2713c0f39675  ppc/8.0/RPMS/apache-devel-1.3.22-1.2mdk.ppc.rpm
047b159512abd6ddb3f147d8bef33014  ppc/8.0/RPMS/apache-manual-1.3.22-1.2mdk.ppc.rpm
2fa2bbaa3089369ad8633904fac017ea  ppc/8.0/RPMS/apache-mod_perl-1.3.22_1.25_01-1.2mdk.ppc.rpm
730d420eeec80f907531a1d54fc86f62  ppc/8.0/RPMS/apache-modules-1.3.22-1.2mdk.ppc.rpm
9d4ceb8988fda0fde877554d0196cfd4  ppc/8.0/RPMS/apache-source-1.3.22-1.2mdk.ppc.rpm
f867712c6dd435dda8a628f56d1c1302  ppc/8.0/RPMS/apache-suexec-1.3.22-1.2mdk.ppc.rpm
36898ee6969dfd499f3f003a8dc3c429  ppc/8.0/RPMS/mod_frontpage-1.5.1-5.2mdk.ppc.rpm
eb77585d715c38e999156db6028123e0  ppc/8.0/RPMS/mod_perl-common-1.3.22_1.25_01-1.2mdk.ppc.rpm
d3552b52130972e39d93f7c80a1d5458  ppc/8.0/RPMS/mod_perl-devel-1.3.22_1.25_01-1.2mdk.ppc.rpm
0ab21a1589c099ee3b22a3dee73b0fc7  ppc/8.0/RPMS/mod_php-4.0.6-3.2mdk.ppc.rpm
bd1d9db540eed60ca0c9e777c4985597  ppc/8.0/RPMS/mod_ssl-2.8.5-1.2mdk.ppc.rpm
b1511f703fd6a6dd4fa37ac85ff343ef  ppc/8.0/RPMS/mod_sxnet-1.2.4-1.2mdk.ppc.rpm
c6032d96a2d5cd09b969f6fe6da9ce1b  ppc/8.0/SRPMS/apache-1.3.22-1.2mdk.src.rpm
83179487059a65dc2d5afd281a9b9af5  ppc/8.0/SRPMS/apache-conf-1.3.22-1.2mdk.src.rpm
123e12b8e2d179f1ebefaa9a7149c497  ppc/8.0/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.2mdk.src.rpm
0f89aa1741c44814d3291813a92d7915  ppc/8.0/SRPMS/mod_frontpage-1.5.1-5.2mdk.src.rpm
dc927153d4430bc09a0173fb65c74867  ppc/8.0/SRPMS/mod_php-4.0.6-3.2mdk.src.rpm
6f3829348e2eb94680b93876bdb4ebca  ppc/8.0/SRPMS/mod_ssl-2.8.5-1.2mdk.src.rpm
70036be62dec65cd78777dc638e87866  ppc/8.0/SRPMS/mod_sxnet-1.2.4-1.2mdk.src.rpm

Mandrake Linux 8.1:
ef502b8ec60df3c2130f5789a69b98dc  8.1/RPMS/HTML-Embperl-1.3.22_2.0b3-2.1mdk.i586.rpm
b4f41890583efd7a87051c6262df8b33  8.1/RPMS/apache-1.3.22-1.1mdk.i586.rpm
0d70e3e603abdbec0a368c14861cfa93  8.1/RPMS/apache-common-1.3.22-1.1mdk.i586.rpm
2ee8683cad7f43b38fa983ac972da49d  8.1/RPMS/apache-conf-1.3.22-1.1mdk.i586.rpm
8aa692a34d0a37c537062c3ba902340b  8.1/RPMS/apache-devel-1.3.22-1.1mdk.i586.rpm
34f8b3b4b3f17f7d4511d9babfcdd0bc  8.1/RPMS/apache-manual-1.3.22-1.1mdk.i586.rpm
ea5d510a0992dcce53957731578ca46f  8.1/RPMS/apache-mod_perl-1.3.22_1.26-2.1mdk.i586.rpm
caa45ea41fa522ef2222bb15263f68c5  8.1/RPMS/apache-modules-1.3.22-1.1mdk.i586.rpm
cf9dd1df8f78d6c270b371a299be7557  8.1/RPMS/apache-source-1.3.22-1.1mdk.i586.rpm
4d44cfebdc7e8f2b241cdb57ae82cb95  8.1/RPMS/apache-suexec-1.3.22-1.1mdk.i586.rpm
6ccc68195b198334375ca17ba85f4719  8.1/RPMS/mod_auth_external-2.1.12-1.1mdk.i586.rpm
1b927afda67a5859e70950a7c9b37215  8.1/RPMS/mod_auth_radius-1.5.2-3.1mdk.i586.rpm
1785a32f5dc1bc5e31cc5f3079dbb18e  8.1/RPMS/mod_frontpage-1.5.1-5.1mdk.i586.rpm
d9ad7413fc73410166d1c25715ac8f80  8.1/RPMS/mod_gzip-1.3.19.1a-4.1mdk.i586.rpm
4ed70d8dd515b835d809b222480a9993  8.1/RPMS/mod_perl-common-1.3.22_1.26-2.1mdk.i586.rpm
8bcdb6d6cd6550ff77cf01e158cb34d1  8.1/RPMS/mod_perl-devel-1.3.22_1.26-2.1mdk.i586.rpm
2b522913dba5dd9e9cecd88fc8cfe2b3  8.1/RPMS/mod_php-4.0.6-7.1mdk.i586.rpm
532511ba921a166a4de8b053badc379e  8.1/RPMS/mod_ssl-2.8.5-1.1mdk.i586.rpm
d3a8fb09258a33508547e76bff12cfd0  8.1/RPMS/mod_sxnet-1.2.4-7.1mdk.i586.rpm
7c1f0b2afb8adc24ccf9f223c86df209  8.1/SRPMS/apache-1.3.22-1.1mdk.src.rpm
07a4f5c549ae21d4aa1a20dd9317eb83  8.1/SRPMS/apache-conf-1.3.22-1.1mdk.src.rpm
7515522259c801baf03280d2e75ad755  8.1/SRPMS/apache-mod_perl-1.3.22_1.26-2.1mdk.src.rpm
0130d2cd2734f6ef4e1d7f9ab241eee1  8.1/SRPMS/mod_auth_external-2.1.12-1.1mdk.src.rpm
dce34a89cce9bf51866412a340f50b81  8.1/SRPMS/mod_auth_radius-1.5.2-3.1mdk.src.rpm
563390dc257414c2c58ae9488a9cc0dd  8.1/SRPMS/mod_frontpage-1.5.1-5.1mdk.src.rpm
438d6418a8480eefe7856929a769e89c  8.1/SRPMS/mod_gzip-1.3.19.1a-4.1mdk.src.rpm
98e0c4fd6ddee6fe819572db0480ee26  8.1/SRPMS/mod_php-4.0.6-7.1mdk.src.rpm
0e70480b620ec355508b6346ab94eaa9  8.1/SRPMS/mod_ssl-2.8.5-1.1mdk.src.rpm
a504506de3284b4fc8e890d0c3b05d8c  8.1/SRPMS/mod_sxnet-1.2.4-7.1mdk.src.rpm

Corporate Server 1.0.1:
a0c74b9f69ad117df32f94a44e08369d  1.0.1/RPMS/HTML-Embperl-1.3.22_1.3.3-1.4mdk.i586.rpm
a26976127fd8d6285857c7bdb404b056  1.0.1/RPMS/apache-1.3.22-1.4mdk.i586.rpm
ecf3c8ff4330e3b5f557f23e7335c58d  1.0.1/RPMS/apache-common-1.3.22-1.4mdk.i586.rpm
98db2dff731d5bfa36deda9007f49a75  1.0.1/RPMS/apache-conf-1.3.22-1.4mdk.i586.rpm
3d77b52f1f66b640c2cafe24d3dc00e3  1.0.1/RPMS/apache-devel-1.3.22-1.4mdk.i586.rpm
1f79ad246098b463aa7f06c46aacef50  1.0.1/RPMS/apache-manual-1.3.22-1.4mdk.i586.rpm
f27a75a23fc49cf367b1920e6adb2eea  1.0.1/RPMS/apache-mod_perl-1.3.22_1.25_01-1.4mdk.i586.rpm
96f81f246aeb359c5e3840df4f5291e5  1.0.1/RPMS/apache-modules-1.3.22-1.4mdk.i586.rpm
4ddb0422c7c4132303986ac4e4604b68  1.0.1/RPMS/apache-source-1.3.22-1.4mdk.i586.rpm
d498e15cf630a20200ef9c44628cbcbe  1.0.1/RPMS/apache-suexec-1.3.22-1.4mdk.i586.rpm
656ab9df6cf8390e68af9e9ceab1b99e  1.0.1/RPMS/mm-1.1.3-8.1mdk.i586.rpm
aacc6cc46078cf0ff77af06693484b9a  1.0.1/RPMS/mm-devel-1.1.3-8.1mdk.i586.rpm
b44090cf5650f623ddca48cf1d16d768  1.0.1/RPMS/mod_perl-common-1.3.22_1.25_01-1.4mdk.i586.rpm
db5afc42b3a3cf496b8ff34bb1d8dbd4  1.0.1/RPMS/mod_perl-devel-1.3.22_1.25_01-1.4mdk.i586.rpm
3bebfdfba378ffd53217ae1c921a0ba4  1.0.1/RPMS/mod_php-4.0.6-5.1mdk.i586.rpm
d45009a853fac9ed14a5aefe7343274c  1.0.1/RPMS/mod_ssl-2.8.5-1.4mdk.i586.rpm
7d6bc0c02175a89d82868f9c90b14c03  1.0.1/RPMS/mod_sxnet-1.2.4-1.4mdk.i586.rpm
81ac490000934a9b563af2f1f300d00e  1.0.1/RPMS/perl-5.600-17mdk.i586.rpm
e9cc54bdd262fb04f8898a4b2b4c5dbf  1.0.1/RPMS/perl-base-5.600-17mdk.i586.rpm
d67e860357ba7e4b539febd73067614f  1.0.1/RPMS/perl-devel-5.600-17mdk.i586.rpm
4bd07a25bc52e054bbbf0cc7ee487b20  1.0.1/RPMS/php-4.0.6-5.1mdk.i586.rpm
f258835ad065fa5b0ccb5ae200909bd2  1.0.1/RPMS/php-common-4.0.6-5.1mdk.i586.rpm
412fd9e43315da1639705fc938610721  1.0.1/RPMS/php-dba_gdbm_db2-4.0.6-4.1mdk.i586.rpm
80e54093258c0ad73448c2fa304fd44e  1.0.1/RPMS/php-devel-4.0.6-5.1mdk.i586.rpm
f71c43dd49265c3ff19285705b4917f7  1.0.1/RPMS/php-gd-4.0.6-2.1mdk.i586.rpm
e2a8512f05f092490ba55bba23099931  1.0.1/RPMS/php-imap-4.0.6-2.1mdk.i586.rpm
73b085e96f3626ea900e2db04b216447  1.0.1/RPMS/php-ldap-4.0.6-3.1mdk.i586.rpm
339b190be55a37cc339ac74890eeca09  1.0.1/RPMS/php-manual_en-4.0.6-1.1mdk.i586.rpm
6fd7c59d5eb7923cbaa41941e6d60639  1.0.1/RPMS/php-mysql-4.0.6-3.1mdk.i586.rpm
ca9b50b2607cc74290dff5059679b3ee  1.0.1/RPMS/php-pgsql-4.0.6-3.1mdk.i586.rpm
b3ef0ae443fa565cea495540e8f3a2f9  1.0.1/RPMS/php-readline-4.0.6-2.1mdk.i586.rpm
e88d8db2d3eb08a9ba5d734ba70afea5  1.0.1/SRPMS/apache-1.3.22-1.4mdk.src.rpm
1f10d0440606e3fa12162ef7d90445e9  1.0.1/SRPMS/apache-conf-1.3.22-1.4mdk.src.rpm
520f1bbfb86bbc821dbbead04acb21f8  1.0.1/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.4mdk.src.rpm
8907e70b755a10ec3373cefbd5ba2f06  1.0.1/SRPMS/mm-1.1.3-8.1mdk.src.rpm
776d3967170249f7b9f6e834247dab9b  1.0.1/SRPMS/mod_php-4.0.6-5.1mdk.src.rpm
95b0e84c9959ce648d0d32a2429bb446  1.0.1/SRPMS/mod_ssl-2.8.5-1.4mdk.src.rpm
ea836a7af8a82d466d7e44bc8672d36a  1.0.1/SRPMS/mod_sxnet-1.2.4-1.4mdk.src.rpm
0734fd60f0c0e240b75cac1d2aeeca0b  1.0.1/SRPMS/perl-5.600-17mdk.src.rpm
fb3721213ead8f4203e75bbca0f1a6fb  1.0.1/SRPMS/php-4.0.6-5.1mdk.src.rpm
66206da40ebfbbae1dee8b827a452f6c  1.0.1/SRPMS/php-dba_gdbm_db2-4.0.6-4.1mdk.src.rpm
96e6b5b2e3bc0e80cb4b0dddfbb6d625  1.0.1/SRPMS/php-gd-4.0.6-2.1mdk.src.rpm
cad47e6fc08748e0df4906bebc405488  1.0.1/SRPMS/php-imap-4.0.6-2.1mdk.src.rpm
206ca1678d9a2f6b8133ee321e2a948f  1.0.1/SRPMS/php-ldap-4.0.6-3.1mdk.src.rpm
d7e5c28911385fe0d571f72d4f8d887e  1.0.1/SRPMS/php-manual_en-4.0.6-1.1mdk.src.rpm
6c06362fc536f070f8fd9a9784c1dcac  1.0.1/SRPMS/php-mysql-4.0.6-3.1mdk.src.rpm
7fa7e174ef947b6c9dfb623fa28f6fd0  1.0.1/SRPMS/php-pgsql-4.0.6-3.1mdk.src.rpm
01b22613672059703e681dd5c004e3f6  1.0.1/SRPMS/php-readline-4.0.6-2.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".

You can download the updates directly from one of the mirror sites
listed at:

  http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/".  Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other security advisories for Mandrake Linux at:

  http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
________________________________________________________________________

Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:

security-announce@linux-mandrake.com

  Mandrake Linux's security announcements mailing list.  Only
 announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

  Mandrake Linux's security discussion mailing list.  This list is open
 to anyone to discuss Mandrake Linux security specifically and Linux
 security in general.

To subscribe to either list, send a message to
 sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to
 sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to
 sympa@linux-mandrake.com
with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:

  http://www.linux-mandrake.com/en/flists.php3#security
________________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
 <security@linux-mandrake.com>


- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn
7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77
9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV
Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s
+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX
Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl
3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi
RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX
lA==
=0ahQ
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8BBzymqjQ0CJFipgRAsskAJ4lpJb6gm7ldx5VRWs+Kx8CIwZf2wCbBbxn
J9E1SOi+LkHlw1PMtT8T+tc=
=lEME
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.