ID

VAR-201110-0291

CVE

CVE-2011-3368

TITLE

Apache HTTP Server of mod_proxy Vulnerability in module sending requests to intranet server

DESCRIPTION

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. Apache HTTP Server is prone to an information disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive information. Packages for 2009.0 are provided as of the Extended Maintenance Program. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: a932d2685c4daa809378200b0524c317 2009.0/i586/apache-base-2.2.9-12.13mdv2009.0.i586.rpm 73bdf263d888a5f14964004c12f6fe56 2009.0/i586/apache-devel-2.2.9-12.13mdv2009.0.i586.rpm c708cc744997e378b405e924013d4051 2009.0/i586/apache-htcacheclean-2.2.9-12.13mdv2009.0.i586.rpm fb42f0b16e0cf0b9b99f50875fb934b0 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.13mdv2009.0.i586.rpm c150a3f0ab2f0447cc1314c561cbbb8a 2009.0/i586/apache-mod_cache-2.2.9-12.13mdv2009.0.i586.rpm 342a4ab8754a878929422d07d322db34 2009.0/i586/apache-mod_dav-2.2.9-12.13mdv2009.0.i586.rpm 150cca6180699492bbf350f1f23aa6fd 2009.0/i586/apache-mod_dbd-2.2.9-12.13mdv2009.0.i586.rpm 52f30a67eb099d7e1d20686c69fdd541 2009.0/i586/apache-mod_deflate-2.2.9-12.13mdv2009.0.i586.rpm f5b5a5039cc5f13c286d5cd55276cb70 2009.0/i586/apache-mod_disk_cache-2.2.9-12.13mdv2009.0.i586.rpm 903303f230149fbe88f8a5cc1c0ee960 2009.0/i586/apache-mod_file_cache-2.2.9-12.13mdv2009.0.i586.rpm 0df9ce8e9b3c4021d4bd0f13f8911ba1 2009.0/i586/apache-mod_ldap-2.2.9-12.13mdv2009.0.i586.rpm 7c96bb3725f64ea03820aae6b45b2a6d 2009.0/i586/apache-mod_mem_cache-2.2.9-12.13mdv2009.0.i586.rpm 2983af54ab604883a7cc64cf9972955a 2009.0/i586/apache-mod_proxy-2.2.9-12.13mdv2009.0.i586.rpm bda1fb3d243ea97a8ec115609a3c1e36 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.13mdv2009.0.i586.rpm cbe3ba0bad95f397071a9ab04a3a97c5 2009.0/i586/apache-mod_ssl-2.2.9-12.13mdv2009.0.i586.rpm 632c6ae498759436b83487afaef9f9df 2009.0/i586/apache-modules-2.2.9-12.13mdv2009.0.i586.rpm 0f0e190bf2026886f088ffeaf243b44f 2009.0/i586/apache-mod_userdir-2.2.9-12.13mdv2009.0.i586.rpm 8556f5990544d1e239565435f704015e 2009.0/i586/apache-mpm-event-2.2.9-12.13mdv2009.0.i586.rpm f69859bb9197171c5edc309031cfcd4f 2009.0/i586/apache-mpm-itk-2.2.9-12.13mdv2009.0.i586.rpm 894a436dc5bd4d4177f6de362de510a3 2009.0/i586/apache-mpm-peruser-2.2.9-12.13mdv2009.0.i586.rpm b88c688e5bf7555e44630012f1b87755 2009.0/i586/apache-mpm-prefork-2.2.9-12.13mdv2009.0.i586.rpm bcdd82b6d4846966c402a2dd5d7b641d 2009.0/i586/apache-mpm-worker-2.2.9-12.13mdv2009.0.i586.rpm 21b54c80dadc67221ad5cc0329343d55 2009.0/i586/apache-source-2.2.9-12.13mdv2009.0.i586.rpm c2b11978f4becbae462db2bf020a0bd7 2009.0/SRPMS/apache-2.2.9-12.13mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 91af9d7b14f280ccbd94d1e93c2115a5 2009.0/x86_64/apache-base-2.2.9-12.13mdv2009.0.x86_64.rpm 4289dbcf5d435f144115d37f9a118e9b 2009.0/x86_64/apache-devel-2.2.9-12.13mdv2009.0.x86_64.rpm e7e7888ed2d7e82ce4f55d319dc354d7 2009.0/x86_64/apache-htcacheclean-2.2.9-12.13mdv2009.0.x86_64.rpm 5341f9396f6860b1deaf1badfed9c6f2 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.13mdv2009.0.x86_64.rpm af81e40dab85a97d2d913b6c3a2e5ba3 2009.0/x86_64/apache-mod_cache-2.2.9-12.13mdv2009.0.x86_64.rpm bf09f623437776e4bb584ef70a58065a 2009.0/x86_64/apache-mod_dav-2.2.9-12.13mdv2009.0.x86_64.rpm d9394a8d7fa6fd9a7102599dbaa36138 2009.0/x86_64/apache-mod_dbd-2.2.9-12.13mdv2009.0.x86_64.rpm 5ad77a367640a35948e99c58ba2e9aaa 2009.0/x86_64/apache-mod_deflate-2.2.9-12.13mdv2009.0.x86_64.rpm eca18218ed5884129356e14739b4284c 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.13mdv2009.0.x86_64.rpm a1e6fe40413404fcd9e45ee862f1448d 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.13mdv2009.0.x86_64.rpm 0d3490eb0a83cd266be094a7a831926b 2009.0/x86_64/apache-mod_ldap-2.2.9-12.13mdv2009.0.x86_64.rpm 61c1baacc989919e0955c1e5714e92eb 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.13mdv2009.0.x86_64.rpm 1ff3ec27c26302c9ebe724ec699edbda 2009.0/x86_64/apache-mod_proxy-2.2.9-12.13mdv2009.0.x86_64.rpm da1080d1dfaa0e5c17736b6efc614f65 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.13mdv2009.0.x86_64.rpm c47fc6b7f4a3b4824ef9009cfc03ebf9 2009.0/x86_64/apache-mod_ssl-2.2.9-12.13mdv2009.0.x86_64.rpm 603804201a58c4bde7eeb9254d0caf6b 2009.0/x86_64/apache-modules-2.2.9-12.13mdv2009.0.x86_64.rpm 456ca4697133a089f004a1f54213c600 2009.0/x86_64/apache-mod_userdir-2.2.9-12.13mdv2009.0.x86_64.rpm b113323596d0bdb88824c9e940025dab 2009.0/x86_64/apache-mpm-event-2.2.9-12.13mdv2009.0.x86_64.rpm be041721f9abceb50d65bdb6edd37352 2009.0/x86_64/apache-mpm-itk-2.2.9-12.13mdv2009.0.x86_64.rpm 9099961b1c82d68ef972116ebe44c6f7 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.13mdv2009.0.x86_64.rpm b1ca9a27d4c02fd845ffbb62b9adb8e5 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.13mdv2009.0.x86_64.rpm d67c2ef4282309256e51163e67044d8c 2009.0/x86_64/apache-mpm-worker-2.2.9-12.13mdv2009.0.x86_64.rpm b4972efcb6cb7e4dc5263e7d1e39dea5 2009.0/x86_64/apache-source-2.2.9-12.13mdv2009.0.x86_64.rpm c2b11978f4becbae462db2bf020a0bd7 2009.0/SRPMS/apache-2.2.9-12.13mdv2009.0.src.rpm Mandriva Linux 2010.1: 050b032c27a587a8e3cc7b7f26752255 2010.1/i586/apache-base-2.2.15-3.4mdv2010.2.i586.rpm cdd5c06f86c9eb38160d95fa5e1e429b 2010.1/i586/apache-devel-2.2.15-3.4mdv2010.2.i586.rpm c390e7597d9dfe9617d70ab3f5192d43 2010.1/i586/apache-htcacheclean-2.2.15-3.4mdv2010.2.i586.rpm d96559be627d94d45775e414ec0ae524 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.4mdv2010.2.i586.rpm f3e11be1e0dd737b7a5137920912bfb1 2010.1/i586/apache-mod_cache-2.2.15-3.4mdv2010.2.i586.rpm 702df82aa3df33ac2d085f4d927e6f0d 2010.1/i586/apache-mod_dav-2.2.15-3.4mdv2010.2.i586.rpm af12753e0e90d50fbab8460d52cd70b2 2010.1/i586/apache-mod_dbd-2.2.15-3.4mdv2010.2.i586.rpm dccbb7742f2eb8bf9dd6fc6dbd4f9655 2010.1/i586/apache-mod_deflate-2.2.15-3.4mdv2010.2.i586.rpm 26757766ba1bd4a9c7148d04588fe50c 2010.1/i586/apache-mod_disk_cache-2.2.15-3.4mdv2010.2.i586.rpm d668ff48b06e5b32d455af7aaae33480 2010.1/i586/apache-mod_file_cache-2.2.15-3.4mdv2010.2.i586.rpm 4287845377dc115e5a1585729d8e6b15 2010.1/i586/apache-mod_ldap-2.2.15-3.4mdv2010.2.i586.rpm 168abd8c322604f7024a90457ced5c16 2010.1/i586/apache-mod_mem_cache-2.2.15-3.4mdv2010.2.i586.rpm 58fc1f1ae0c7028a8eac5280922482ba 2010.1/i586/apache-mod_proxy-2.2.15-3.4mdv2010.2.i586.rpm f32d9ff3f404d49b46b8b63a7597623f 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.4mdv2010.2.i586.rpm a6d6b0dc82a12609a105b7f13a60c52d 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.4mdv2010.2.i586.rpm 01ac6784b890fc3f205ab58fa2708b0c 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.4mdv2010.2.i586.rpm 7d40b5f9566bbcb5a36a240f3e2281e6 2010.1/i586/apache-mod_ssl-2.2.15-3.4mdv2010.2.i586.rpm febac785b16900b8f8630277b12f732e 2010.1/i586/apache-modules-2.2.15-3.4mdv2010.2.i586.rpm 30c0051b4519bfc682da86ef5008fee4 2010.1/i586/apache-mod_userdir-2.2.15-3.4mdv2010.2.i586.rpm b7991fb35067f7f5b8c43fef70f6c6c1 2010.1/i586/apache-mpm-event-2.2.15-3.4mdv2010.2.i586.rpm bcc42aefa1d5edc1c8b28d0e87837ba9 2010.1/i586/apache-mpm-itk-2.2.15-3.4mdv2010.2.i586.rpm 6dd2d6c2c254cdc416cb6394c3ce4642 2010.1/i586/apache-mpm-peruser-2.2.15-3.4mdv2010.2.i586.rpm b075b7a1a5db8e549513862019dc4d49 2010.1/i586/apache-mpm-prefork-2.2.15-3.4mdv2010.2.i586.rpm f0a4446d35eb202894a258137c9a39ca 2010.1/i586/apache-mpm-worker-2.2.15-3.4mdv2010.2.i586.rpm 3662189a98719d869c6cd92339037634 2010.1/i586/apache-source-2.2.15-3.4mdv2010.2.i586.rpm 3f523608f5ede71397a35e53d7a82ad9 2010.1/SRPMS/apache-2.2.15-3.4mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: c2817045a41cac3a60c6050d0c96ed2d 2010.1/x86_64/apache-base-2.2.15-3.4mdv2010.2.x86_64.rpm ba029050d298b8bf7bdfd0ff0d8dfff2 2010.1/x86_64/apache-devel-2.2.15-3.4mdv2010.2.x86_64.rpm 9ab0bb04fa5cbab380fc7f4002672f6d 2010.1/x86_64/apache-htcacheclean-2.2.15-3.4mdv2010.2.x86_64.rpm 514f0faa3e12f9a837c80d18c42f096e 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.4mdv2010.2.x86_64.rpm 869f6fc17fcb140345c6fc426f00a372 2010.1/x86_64/apache-mod_cache-2.2.15-3.4mdv2010.2.x86_64.rpm b271b637ef95644aca494751bacb305e 2010.1/x86_64/apache-mod_dav-2.2.15-3.4mdv2010.2.x86_64.rpm 8c1bf792dd53c4cf534eeb66149a021a 2010.1/x86_64/apache-mod_dbd-2.2.15-3.4mdv2010.2.x86_64.rpm 80427734c2bdcb88998cd8f00d518a63 2010.1/x86_64/apache-mod_deflate-2.2.15-3.4mdv2010.2.x86_64.rpm 9d436dfa48708ff1c67430c9f96e744a 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.4mdv2010.2.x86_64.rpm 43d6300c4cdcd128bd8713009a4b9422 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.4mdv2010.2.x86_64.rpm d26fb68836d1f1238091ef30e2a29b2b 2010.1/x86_64/apache-mod_ldap-2.2.15-3.4mdv2010.2.x86_64.rpm f2a231754bbbe745ad472418a1e68dba 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.4mdv2010.2.x86_64.rpm 69a2515e03e42ca836a7d880ae6d1048 2010.1/x86_64/apache-mod_proxy-2.2.15-3.4mdv2010.2.x86_64.rpm 2a334acc8b0e681c2523d73ba2020980 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.4mdv2010.2.x86_64.rpm 082e3a971973d41d007f6ee8d433a964 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.4mdv2010.2.x86_64.rpm d0240e4907c53cbc15c38f852f3523f2 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.4mdv2010.2.x86_64.rpm 8947c120a2346c5e608de186e0a3ee75 2010.1/x86_64/apache-mod_ssl-2.2.15-3.4mdv2010.2.x86_64.rpm 52b797f3e31ed58daff164b3f9339440 2010.1/x86_64/apache-modules-2.2.15-3.4mdv2010.2.x86_64.rpm 568ce8efc2c5d87f5a65f2c2c3f552c8 2010.1/x86_64/apache-mod_userdir-2.2.15-3.4mdv2010.2.x86_64.rpm bc0ad260619fa1513c749f44e6842bfa 2010.1/x86_64/apache-mpm-event-2.2.15-3.4mdv2010.2.x86_64.rpm 2eff14b46b530cd91d8025d0bf36970c 2010.1/x86_64/apache-mpm-itk-2.2.15-3.4mdv2010.2.x86_64.rpm c15a1dc4de6a830b3ef6151f4bab901c 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.4mdv2010.2.x86_64.rpm f016b8856f9426c49798f993197fcd64 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.4mdv2010.2.x86_64.rpm 71bc0152b74ef1a03349b275abb7145d 2010.1/x86_64/apache-mpm-worker-2.2.15-3.4mdv2010.2.x86_64.rpm c9d21030172baaedbe9bc8d438c8285b 2010.1/x86_64/apache-source-2.2.15-3.4mdv2010.2.x86_64.rpm 3f523608f5ede71397a35e53d7a82ad9 2010.1/SRPMS/apache-2.2.15-3.4mdv2010.2.src.rpm Mandriva Linux 2011: fdf647dc322f45ba25112fb18761a8ca 2011/i586/apache-base-2.2.21-0.2-mdv2011.0.i586.rpm b1cd17efb6f49779d3f1608f7ce12317 2011/i586/apache-devel-2.2.21-0.2-mdv2011.0.i586.rpm 5003144977743f8092bc2657bb8a5744 2011/i586/apache-htcacheclean-2.2.21-0.2-mdv2011.0.i586.rpm 20b63b8bad01f15558bed39ae77735ad 2011/i586/apache-mod_authn_dbd-2.2.21-0.2-mdv2011.0.i586.rpm 30d70e38df5ab5395a8fb2ded1eeb24d 2011/i586/apache-mod_cache-2.2.21-0.2-mdv2011.0.i586.rpm efecc88f522b8ceda095c150bb79b8c1 2011/i586/apache-mod_dav-2.2.21-0.2-mdv2011.0.i586.rpm 38c556b4325441228f38fb13db21334d 2011/i586/apache-mod_dbd-2.2.21-0.2-mdv2011.0.i586.rpm 8838bc6f398879fc4a012e72fa0460f6 2011/i586/apache-mod_deflate-2.2.21-0.2-mdv2011.0.i586.rpm b17372865f84422d9159cc7bec915918 2011/i586/apache-mod_disk_cache-2.2.21-0.2-mdv2011.0.i586.rpm d5a6b009940820ce886c5562c1aaec51 2011/i586/apache-mod_file_cache-2.2.21-0.2-mdv2011.0.i586.rpm 2622ca1fd2eb31d57bf7dd8739862f6f 2011/i586/apache-mod_ldap-2.2.21-0.2-mdv2011.0.i586.rpm 2b5cfd82bfe043be558c5f64b793eae4 2011/i586/apache-mod_mem_cache-2.2.21-0.2-mdv2011.0.i586.rpm 4a931dcee38c86bb12de9f0e2981c11a 2011/i586/apache-mod_proxy-2.2.21-0.2-mdv2011.0.i586.rpm 2f8fb519cb0a2617c3bc87a211af441f 2011/i586/apache-mod_proxy_ajp-2.2.21-0.2-mdv2011.0.i586.rpm 66c2411ece3b4e6d3e77526869fac866 2011/i586/apache-mod_proxy_scgi-2.2.21-0.2-mdv2011.0.i586.rpm 75eef4373837415e36372776380819f7 2011/i586/apache-mod_reqtimeout-2.2.21-0.2-mdv2011.0.i586.rpm fa70ff654b3efe6d28969aa7460a9977 2011/i586/apache-mod_ssl-2.2.21-0.2-mdv2011.0.i586.rpm dc3a2f9f654727148ec6623a7f68aa3d 2011/i586/apache-modules-2.2.21-0.2-mdv2011.0.i586.rpm 4b7d982f9a0e16c75e3d62127651bd73 2011/i586/apache-mod_userdir-2.2.21-0.2-mdv2011.0.i586.rpm 46dd5bf60e0cc8aaa098136ffbc4d1f8 2011/i586/apache-mpm-event-2.2.21-0.2-mdv2011.0.i586.rpm 750b7f77b7ac0ed715427869af54fa33 2011/i586/apache-mpm-itk-2.2.21-0.2-mdv2011.0.i586.rpm 1a67882e778e3f3bc89b0ef45f039ea6 2011/i586/apache-mpm-peruser-2.2.21-0.2-mdv2011.0.i586.rpm 7e85783e129e133a4b4de06484f50597 2011/i586/apache-mpm-prefork-2.2.21-0.2-mdv2011.0.i586.rpm b3ed18bc46d66240096aa65f5c557ff9 2011/i586/apache-mpm-worker-2.2.21-0.2-mdv2011.0.i586.rpm 1a80519a9a4a5b83d6c136506eeb5ae0 2011/i586/apache-source-2.2.21-0.2-mdv2011.0.i586.rpm 0208ab576bca6346db61084a4247c585 2011/SRPMS/apache-2.2.21-0.2.src.rpm Mandriva Linux 2011/X86_64: 87da9845764ce52f30350a2da3f1bb50 2011/x86_64/apache-base-2.2.21-0.2-mdv2011.0.x86_64.rpm 382426ba9336ddd28b26a25e3306effa 2011/x86_64/apache-devel-2.2.21-0.2-mdv2011.0.x86_64.rpm d39b4ad5420a27e886ee33102753611e 2011/x86_64/apache-htcacheclean-2.2.21-0.2-mdv2011.0.x86_64.rpm b9f07f25fada0f52f8467dc390b6c910 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.2-mdv2011.0.x86_64.rpm 396f1addba810264b4d7d8eac405c05d 2011/x86_64/apache-mod_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm ae6cd0e23ccd835177f060debb4c373a 2011/x86_64/apache-mod_dav-2.2.21-0.2-mdv2011.0.x86_64.rpm 75131d0a822f92b946a28f4c29925018 2011/x86_64/apache-mod_dbd-2.2.21-0.2-mdv2011.0.x86_64.rpm 88301617766cafe8e1d142ec30ff7a32 2011/x86_64/apache-mod_deflate-2.2.21-0.2-mdv2011.0.x86_64.rpm 7f03884c099d174c94ab2ca5c74ddb5f 2011/x86_64/apache-mod_disk_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm ee9d59bf2fde441bdeadd810f6f624ee 2011/x86_64/apache-mod_file_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm 60e5e7c1df99feaf019f5203deae62cf 2011/x86_64/apache-mod_ldap-2.2.21-0.2-mdv2011.0.x86_64.rpm c138331a28ac50ba59cab8499a6c8b5d 2011/x86_64/apache-mod_mem_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm 1d8183c8b428f6a824a1f9b7a1335124 2011/x86_64/apache-mod_proxy-2.2.21-0.2-mdv2011.0.x86_64.rpm 587a07a541fb759edf6cf4e7723a8f13 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.2-mdv2011.0.x86_64.rpm 643d55f506ddc7e2d8d9eeb370a7d5d0 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.2-mdv2011.0.x86_64.rpm 317f850263dc7a177c7aeca49ff73c0f 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.2-mdv2011.0.x86_64.rpm d13268e72655c84407bc4f84b7dfbc63 2011/x86_64/apache-mod_ssl-2.2.21-0.2-mdv2011.0.x86_64.rpm aba1a4f6b8a2e165d88dea70da96aa38 2011/x86_64/apache-modules-2.2.21-0.2-mdv2011.0.x86_64.rpm afa4e495f86f5c61994947211833eb87 2011/x86_64/apache-mod_userdir-2.2.21-0.2-mdv2011.0.x86_64.rpm c30be0170ee148a2b26bf90d56321b9c 2011/x86_64/apache-mpm-event-2.2.21-0.2-mdv2011.0.x86_64.rpm fe799582be71a26191caff516250d9bb 2011/x86_64/apache-mpm-itk-2.2.21-0.2-mdv2011.0.x86_64.rpm 901ef8c7c3e97d00d08528bf9e4711b1 2011/x86_64/apache-mpm-peruser-2.2.21-0.2-mdv2011.0.x86_64.rpm d6309de31d78ced4ddfb4cd339bda2a1 2011/x86_64/apache-mpm-prefork-2.2.21-0.2-mdv2011.0.x86_64.rpm 6e5481db63f7ee78b37bf4341f30f1e0 2011/x86_64/apache-mpm-worker-2.2.21-0.2-mdv2011.0.x86_64.rpm 976de27a1426d6d4d0eeaf3a35b44564 2011/x86_64/apache-source-2.2.21-0.2-mdv2011.0.x86_64.rpm 0208ab576bca6346db61084a4247c585 2011/SRPMS/apache-2.2.21-0.2.src.rpm Mandriva Enterprise Server 5: 362272e9ac2693eec7b635adc0d21703 mes5/i586/apache-base-2.2.9-12.13mdvmes5.2.i586.rpm d96a49a2c5e91ded681961ff6cc952a4 mes5/i586/apache-devel-2.2.9-12.13mdvmes5.2.i586.rpm 49603b007ba8170dc03d2c126c84e50d mes5/i586/apache-htcacheclean-2.2.9-12.13mdvmes5.2.i586.rpm 3380d84b972a6a463b045737ff613b49 mes5/i586/apache-mod_authn_dbd-2.2.9-12.13mdvmes5.2.i586.rpm de7fa15db92d1d30e2da0445c1809813 mes5/i586/apache-mod_cache-2.2.9-12.13mdvmes5.2.i586.rpm a8010890a6a571f95020275b6f142bca mes5/i586/apache-mod_dav-2.2.9-12.13mdvmes5.2.i586.rpm b06ae064db3f74b0f784bf2901f72c2f mes5/i586/apache-mod_dbd-2.2.9-12.13mdvmes5.2.i586.rpm 7dacb5f1cc7ba1cf990905290fdae463 mes5/i586/apache-mod_deflate-2.2.9-12.13mdvmes5.2.i586.rpm 1c8585291e70c6a3d3809bad1f79e683 mes5/i586/apache-mod_disk_cache-2.2.9-12.13mdvmes5.2.i586.rpm 3c1a95ac86df5dd6a3c1cb7b4daba63e mes5/i586/apache-mod_file_cache-2.2.9-12.13mdvmes5.2.i586.rpm 0b6c33e07fe7f4c448dba48b5750f668 mes5/i586/apache-mod_ldap-2.2.9-12.13mdvmes5.2.i586.rpm 0a5ac07dddf6dfb4f81260180f5400c7 mes5/i586/apache-mod_mem_cache-2.2.9-12.13mdvmes5.2.i586.rpm 2e88a664547e82bf0a09e7a59df3cfb1 mes5/i586/apache-mod_proxy-2.2.9-12.13mdvmes5.2.i586.rpm 02f77738b01c4fac6cbfd174aaf1f3dd mes5/i586/apache-mod_proxy_ajp-2.2.9-12.13mdvmes5.2.i586.rpm 9ccb5fbad8be4a8b854202f61bbff404 mes5/i586/apache-mod_ssl-2.2.9-12.13mdvmes5.2.i586.rpm 90b0eaa590c9ef3384d9d510b02acb0a mes5/i586/apache-modules-2.2.9-12.13mdvmes5.2.i586.rpm 139ec8c7604ff186d9a5f7211cf153e2 mes5/i586/apache-mod_userdir-2.2.9-12.13mdvmes5.2.i586.rpm 427d203744147b131faacaeda85d0c33 mes5/i586/apache-mpm-event-2.2.9-12.13mdvmes5.2.i586.rpm f05074badc58876520876f4c5030f65e mes5/i586/apache-mpm-itk-2.2.9-12.13mdvmes5.2.i586.rpm 218eb230875cef887a298886add841c5 mes5/i586/apache-mpm-peruser-2.2.9-12.13mdvmes5.2.i586.rpm b18ac1117a837c0a01b0214d34914d33 mes5/i586/apache-mpm-prefork-2.2.9-12.13mdvmes5.2.i586.rpm a61b60d3ed2d40ca20154a7720d5d700 mes5/i586/apache-mpm-worker-2.2.9-12.13mdvmes5.2.i586.rpm ba799d2f8a25748d0222ca5c22b8d77b mes5/i586/apache-source-2.2.9-12.13mdvmes5.2.i586.rpm 805742aa36cff750b99f31e180fd867d mes5/SRPMS/apache-2.2.9-12.13mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: fc201c9261c712da3f289e9b4027a5fc mes5/x86_64/apache-base-2.2.9-12.13mdvmes5.2.x86_64.rpm 5525b60c6cfba84feed38edf06e2e246 mes5/x86_64/apache-devel-2.2.9-12.13mdvmes5.2.x86_64.rpm 216f7afebeabd44b1fe3177b909bb169 mes5/x86_64/apache-htcacheclean-2.2.9-12.13mdvmes5.2.x86_64.rpm 6e113f9a73cfef3c205e15b7ab5d9c09 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.13mdvmes5.2.x86_64.rpm 6811ceefa8472b1af410f79262ec4fb6 mes5/x86_64/apache-mod_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm ff747be8f132abad9629bda68dffba20 mes5/x86_64/apache-mod_dav-2.2.9-12.13mdvmes5.2.x86_64.rpm d36b00c90f690ca783ed1af88bfd07e2 mes5/x86_64/apache-mod_dbd-2.2.9-12.13mdvmes5.2.x86_64.rpm 121ed1fef89fafed42538714a0c91742 mes5/x86_64/apache-mod_deflate-2.2.9-12.13mdvmes5.2.x86_64.rpm 680c3c57565fa6937f1bd436461cf013 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm b2c008438014163937dc4a4951d6f145 mes5/x86_64/apache-mod_file_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm 149fd8345aec9b63304643717c4e3aa0 mes5/x86_64/apache-mod_ldap-2.2.9-12.13mdvmes5.2.x86_64.rpm e549c5dd75bee4df39e9c947e0724b71 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm 784137d1caaaa974db42e54e0cbbc621 mes5/x86_64/apache-mod_proxy-2.2.9-12.13mdvmes5.2.x86_64.rpm c6dea61e1b6f8a2373741af10a9bf72a mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.13mdvmes5.2.x86_64.rpm 92e34c8dbeac34258a527dead2c362e9 mes5/x86_64/apache-mod_ssl-2.2.9-12.13mdvmes5.2.x86_64.rpm c4780606189970462d0e7063fcc356ae mes5/x86_64/apache-modules-2.2.9-12.13mdvmes5.2.x86_64.rpm 78bad1842ce68bf2a0c1fcf75a6805a2 mes5/x86_64/apache-mod_userdir-2.2.9-12.13mdvmes5.2.x86_64.rpm 29db775ba6d750c955f70ea7d8e21bed mes5/x86_64/apache-mpm-event-2.2.9-12.13mdvmes5.2.x86_64.rpm 34ba6c4d7e9f0a31cc010df6d97882c3 mes5/x86_64/apache-mpm-itk-2.2.9-12.13mdvmes5.2.x86_64.rpm b4b3ac445b8cb6bb3aaed1cad0756efc mes5/x86_64/apache-mpm-peruser-2.2.9-12.13mdvmes5.2.x86_64.rpm fc138aec05894dc918ac1a2cd93731d2 mes5/x86_64/apache-mpm-prefork-2.2.9-12.13mdvmes5.2.x86_64.rpm 5a1dcd551d4f49a39c76a1b1de709bd5 mes5/x86_64/apache-mpm-worker-2.2.9-12.13mdvmes5.2.x86_64.rpm c1908c1a28f94c61d3aced3485b64f73 mes5/x86_64/apache-source-2.2.9-12.13mdvmes5.2.x86_64.rpm 805742aa36cff750b99f31e180fd867d mes5/SRPMS/apache-2.2.9-12.13mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFOkBbQmqjQ0CJFipgRAnX4AKCegRXuoI4BSRlF/fpDsy5pYNVAgACeJKh2 XA5J3HXCFMVungHV4GyLHwQ= =k57D -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ========================================================================== Ubuntu Security Notice USN-1259-1 November 11, 2011 apache2, apache2-mpm-itk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Multiple vulnerabilities and a regression were fixed in the Apache HTTP server. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. (CVE-2011-3348) Samuel Montosa discovered that the ITK Multi-Processing Module for Apache did not properly handle certain configuration sections that specify NiceValue but not AssignUserID, preventing Apache from dropping privileges correctly. This issue only affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1176) USN 1199-1 fixed a vulnerability in the byterange filter of Apache. The upstream patch introduced a regression in Apache when handling specific byte range requests. Original advisory details: A flaw was discovered in the byterange filter in Apache. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: apache2.2-bin 2.2.20-1ubuntu1.1 Ubuntu 11.04: apache2-mpm-itk 2.2.17-1ubuntu1.4 apache2.2-bin 2.2.17-1ubuntu1.4 Ubuntu 10.10: apache2-mpm-itk 2.2.16-1ubuntu3.4 apache2.2-bin 2.2.16-1ubuntu3.4 Ubuntu 10.04 LTS: apache2-mpm-itk 2.2.14-5ubuntu8.7 apache2.2-bin 2.2.14-5ubuntu8.7 Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.22 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security and bug fix update Advisory ID: RHSA-2012:0543-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0543.html Issue date: 2012-05-07 CVE Names: CVE-2011-3348 CVE-2011-3368 CVE-2011-3607 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 ===================================================================== 1. Summary: An update for the Apache HTTP Server component for JBoss Enterprise Web Server 1.0.2 that fixes multiple security issues and one bug is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348) The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607) A NULL pointer dereference flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled, a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed Cookie header. (CVE-2012-0021) A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031) Red Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue. This update also fixes the following bug: * The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. (BZ#749071) All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). 4. Bugs fixed (http://bugzilla.redhat.com/): 736690 - CVE-2011-3348 httpd: mod_proxy_ajp remote temporary DoS 740045 - CVE-2011-3368 httpd: reverse web proxy vulnerability 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785065 - CVE-2012-0021 httpd: NULL pointer dereference crash in mod_log_config 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses 5. References: https://www.redhat.com/security/data/cve/CVE-2011-3348.html https://www.redhat.com/security/data/cve/CVE-2011-3368.html https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2012-0021.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=1.0.2 https://rhn.redhat.com/errata/RHSA-2011-1330.html 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPqBfUXlSAg2UNWIIRAgp2AJ432q0jjbDmtWUkzP2pTCOTuyM5ywCcDYDy 4xGCmUQd1BJTxhSroB4/okA= =45KX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This version of Apache is principally a security and bug fix release, including the following significant security fixes: * SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. * SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. * SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. * SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. * SECURITY: CVE-2012-0053 (cve.mitre.org) Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. The Apache HTTP Project thanks halfdog, Context Information Security Ltd, Prutha Parikh of Qualys, and Norman Hippert for bringing these issues to the attention of the security team. We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. Apache HTTP Server 2.2.22 is available for download from: http://httpd.apache.org/download.cgi Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.2.22 includes only those changes introduced since the prior 2.2 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available: http://httpd.apache.org/security/vulnerabilities_22.html This release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.4.2, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs. APR-util version 1.4 represents a minor version upgrade from earlier httpd source distributions, which previously included version 1.3. Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see: http://httpd.apache.org/docs/2.2/new_features_2_2.html This release builds on and extends the Apache 2.0 API. Modules written for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, and require minimal or no source code changes. http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03231301 Version: 1 HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-03-27 Last Updated: 2012-03-27 Potential Security Impact: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). References: CVE-2012-0053, CVE-2012-0031, CVE-2012-0021, CVE-2011-4317, CVE-2011-3607, CVE-2011-3368 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided a hotfix to resolve the vulnerabilities. The SSRT100772 hotfix is available by contacting the normal HP Services support channel. MANUAL ACTIONS: Yes - NonUpdate Install the hotfix for SSRT100772. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN,fr=B.07.50.00 action: install the hotfix for SSRT100772 END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 27 March 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. (BZ#736593, BZ#736594) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm ppc: httpd-2.0.52-49.ent.ppc.rpm httpd-debuginfo-2.0.52-49.ent.ppc.rpm httpd-devel-2.0.52-49.ent.ppc.rpm httpd-manual-2.0.52-49.ent.ppc.rpm httpd-suexec-2.0.52-49.ent.ppc.rpm mod_ssl-2.0.52-49.ent.ppc.rpm s390: httpd-2.0.52-49.ent.s390.rpm httpd-debuginfo-2.0.52-49.ent.s390.rpm httpd-devel-2.0.52-49.ent.s390.rpm httpd-manual-2.0.52-49.ent.s390.rpm httpd-suexec-2.0.52-49.ent.s390.rpm mod_ssl-2.0.52-49.ent.s390.rpm s390x: httpd-2.0.52-49.ent.s390x.rpm httpd-debuginfo-2.0.52-49.ent.s390x.rpm httpd-devel-2.0.52-49.ent.s390x.rpm httpd-manual-2.0.52-49.ent.s390x.rpm httpd-suexec-2.0.52-49.ent.s390x.rpm mod_ssl-2.0.52-49.ent.s390x.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm mod_ssl-2.2.3-53.el5_7.3.i386.rpm x86_64: httpd-2.2.3-53.el5_7.3.x86_64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm mod_ssl-2.2.3-53.el5_7.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-manual-2.2.3-53.el5_7.3.i386.rpm x86_64: httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.x86_64.rpm httpd-manual-2.2.3-53.el5_7.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-manual-2.2.3-53.el5_7.3.i386.rpm mod_ssl-2.2.3-53.el5_7.3.i386.rpm ia64: httpd-2.2.3-53.el5_7.3.ia64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ia64.rpm httpd-devel-2.2.3-53.el5_7.3.ia64.rpm httpd-manual-2.2.3-53.el5_7.3.ia64.rpm mod_ssl-2.2.3-53.el5_7.3.ia64.rpm ppc: httpd-2.2.3-53.el5_7.3.ppc.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ppc.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ppc64.rpm httpd-devel-2.2.3-53.el5_7.3.ppc.rpm httpd-devel-2.2.3-53.el5_7.3.ppc64.rpm httpd-manual-2.2.3-53.el5_7.3.ppc.rpm mod_ssl-2.2.3-53.el5_7.3.ppc.rpm s390x: httpd-2.2.3-53.el5_7.3.s390x.rpm httpd-debuginfo-2.2.3-53.el5_7.3.s390.rpm httpd-debuginfo-2.2.3-53.el5_7.3.s390x.rpm httpd-devel-2.2.3-53.el5_7.3.s390.rpm httpd-devel-2.2.3-53.el5_7.3.s390x.rpm httpd-manual-2.2.3-53.el5_7.3.s390x.rpm mod_ssl-2.2.3-53.el5_7.3.s390x.rpm x86_64: httpd-2.2.3-53.el5_7.3.x86_64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.x86_64.rpm httpd-manual-2.2.3-53.el5_7.3.x86_64.rpm mod_ssl-2.2.3-53.el5_7.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313 BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667 CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates. DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652 International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599 Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third- party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc. PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: >PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688 PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048 Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL) QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389 USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://http//support.apple.com/kb/HT5502 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004. For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33 For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532 For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n 7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm 7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5 w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3 +9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2 xyBfrQfG/dsif6jGHaot =8joH -----END PGP SIGNATURE-----

AFFECTED PRODUCTS