Package name: apache2-mod_auth_pgsql
Date: January 6th, 2006
Advisory ID: MDKSA-2006:009
Affected versions: 10.1, 10.2, 2006.0

Problem Description

iDefense discovered several format string vulnerabilities in the way
that mod_auth_pgsql logs information which could potentially be used
by a remote attacker to execute arbitrary code as the apache user if
mod_auth_pgsql is used for user authentication.

The provided packages have been patched to prevent this problem.
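
The bug class described above, shown as an added illustration in C: a logging call that uses request-derived text as its format string, next to the corrected call that passes it as data. This is not mod_auth_pgsql's code or the vendor patch; `log_line`, `log_auth_failure_unsafe`, `log_auth_failure_safe` and `logged_verbatim` are hypothetical names, and the sample username is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logging call (formats into dst). */
static int log_line(char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(dst, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Vulnerable pattern: text derived from the request is used AS the
 * format string, so any '%' directive in it is interpreted. */
int log_auth_failure_unsafe(char *dst, size_t n, const char *user)
{
    char msg[256];
    snprintf(msg, sizeof msg, "auth failed for user %s", user);
    return log_line(dst, n, msg);   /* BUG: msg is attacker-influenced */
}

/* Fixed pattern: constant format string, untrusted text passed as data. */
int log_auth_failure_safe(char *dst, size_t n, const char *user)
{
    char msg[256];
    snprintf(msg, sizeof msg, "auth failed for user %s", user);
    return log_line(dst, n, "%s", msg);
}

/* Returns 1 if the logged text equals the intended message, else 0. */
int logged_verbatim(const char *logged, const char *user)
{
    char expect[256];
    snprintf(expect, sizeof expect, "auth failed for user %s", user);
    return strcmp(logged, expect) == 0;
}

int main(void)
{
    /* Constructed input: "%%" is a harmless directive that prints one '%'. */
    const char *user = "alice%%";
    char a[256], b[256];
    log_auth_failure_unsafe(a, sizeof a, user);
    log_auth_failure_safe(b, sizeof b, user);
    printf("unsafe: %s (verbatim=%d)\n", a, logged_verbatim(a, user));
    printf("safe:   %s (verbatim=%d)\n", b, logged_verbatim(b, user));
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags this pattern at compile time when the logging function is declared with the compiler's printf format attribute.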

Updated Packages

Mandrakelinux 10.1

 5fd1e2329146f2c03845fe516acaa123  10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.i586.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 631ed3b26fddd6f5198d4a33aa31326c  x86_64/10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.x86_64.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  x86_64/10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

Mandriva Linux LE2005

 477fd516e48926f13a66cc0a92366598  10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.i586.rpm
 12baf2fcd6739141f29c4f6000f83e28  10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 7d5ba837da8f1681587c431fe219f9fa  x86_64/10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.x86_64.rpm
 12baf2fcd6739141f29c4f6000f83e28  x86_64/10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

Mandriva Linux 2006

 abe116d3afce2e1dd6c29a4a922ecf0a  2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.i586.rpm
 c6755d865f6de4cf51a9f6918798aafc  2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 a8e95a35a1eda50cc392193496c15721  x86_64/2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.x86_64.rpm
 c6755d865f6de4cf51a9f6918798aafc  x86_64/2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3656

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm
		

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.