---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: SUSE update for apache and apache2 SECUNIA ADVISORY ID: SA29640 VERIFY ADVISORY: http://secunia.com/advisories/29640/ CRITICAL: Less critical IMPACT: Cross Site Scripting, DoS WHERE: >From remote OPERATING SYSTEM: openSUSE 10.3 http://secunia.com/product/16124/ openSUSE 10.2 http://secunia.com/product/13375/ SUSE Linux 10.1 http://secunia.com/product/10796/ SUSE Linux Enterprise Server 10 http://secunia.com/product/12192/ SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SOFTWARE: Novell Open Enterprise Server 1.x http://secunia.com/product/4664/ DESCRIPTION: SUSE has issued an update for apache and apache2. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and malicious users to cause a DoS (Denial of Service). For more information: SA21172 SA27906 SA28046 SOLUTION: Apply updated packages. x86 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-2.2.3-24.i586.rpm f03e4b8274d7152b45efd72e7cde61b5 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-devel-2.2.3-24.i586.rpm ef8e006c4acfea843329bf2fc12b79fd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-doc-2.2.3-24.i586.rpm 51ecfcb9bb6d8c8f08efc97d70b8abbe ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-example-pages-2.2.3-24.i586.rpm ce37cfd168b627b540e957da18e5ec8f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-prefork-2.2.3-24.i586.rpm 0484c1e9d00bd24b5152c562da9ba047 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-worker-2.2.3-24.i586.rpm b19e229f483a737b25f2aa53c190f92a SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-2.2.3-16.17.3.i586.rpm 06c0701d4bd315fb0f644b4fb30d8a95 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-devel-2.2.3-16.17.3.i586.rpm 45718ef5161e3544321676e3dd8eca64 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-doc-2.2.3-16.17.3.i586.rpm 65bdf31d9f940c0b96f7732d0eaf9e0b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-example-pages-2.2.3-16.17.3.i586.rpm f8e44ce88c837172d82871bebb06ffd4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-prefork-2.2.3-16.17.3.i586.rpm 526d93881e73786ee7f00ef21936ddd0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-worker-2.2.3-16.17.3.i586.rpm 1b42cc7478d521000b6566bec22d4109 openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-2.2.4-70.4.i586.rpm 2922d4f0980462aa93cc93f74001f7c8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-devel-2.2.4-70.4.i586.rpm e80c2f655b566a82ebe3a0d8b95b365e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-doc-2.2.4-70.4.i586.rpm a0f13f91c739c7e8deed206136d710ae http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-example-pages-2.2.4-70.4.i586.rpm 5970a02072fa94016f9317641c66bbf5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-prefork-2.2.4-70.4.i586.rpm 5b74451cf3b6d4c82da35b3a20cd6e4a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-utils-2.2.4-70.4.i586.rpm fecb129d6f984f502f4b96e6e74a1a4e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-worker-2.2.4-70.4.i586.rpm d5f5ff376fbe11104ee244b5fbbb3e06 Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-2.2.4-70.4.ppc.rpm a2f1e111c2f22510e37c5c6aa31644c7 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-devel-2.2.4-70.4.ppc.rpm 992fe3cb04a01a3f20ef149f22ad8dec http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-doc-2.2.4-70.4.ppc.rpm 4a1c3ecbd61659cae402818e36c6c849 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-example-pages-2.2.4-70.4.ppc.rpm 2fd3d31bea6ac3a624816f96418c8abb http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-prefork-2.2.4-70.4.ppc.rpm a6b81c7bba5e2ee49132c4e9b04849ba http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-utils-2.2.4-70.4.ppc.rpm d23423196ff4f33d6f3aafe42a2edb88 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-worker-2.2.4-70.4.ppc.rpm 98eae0b512e9758763725ecf48e87154 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-2.2.3-24.ppc.rpm 01639c47e83d965858231060b99f163a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-devel-2.2.3-24.ppc.rpm f0c506948d4662ccf850c3ef784aeb10 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-doc-2.2.3-24.ppc.rpm 7720848272448f257a9d8a5492d59119 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-example-pages-2.2.3-24.ppc.rpm bb9a072748358dbd84e9a496a634aa3a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-prefork-2.2.3-24.ppc.rpm 4cab7f565ef9b5ba23c5158b7fa16245 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-worker-2.2.3-24.ppc.rpm 71774427d3c37bf7dc3dfbdd475a3499 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-2.2.3-16.17.3.ppc.rpm f2a8afbab90fbd03ea8f197a5ce8f65e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-devel-2.2.3-16.17.3.ppc.rpm 44f8fe684f1eab3f9a6ebb65087de90b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-doc-2.2.3-16.17.3.ppc.rpm 1fe8f99590d355d60ed4cd653b23a6d7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-example-pages-2.2.3-16.17.3.ppc.rpm 2270c3c1dbddf55952d12c00e5e69217 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-prefork-2.2.3-16.17.3.ppc.rpm 81b0ded89d7109bd790081d7e734b780 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-worker-2.2.3-16.17.3.ppc.rpm d13888fba051f3d508ee8baeca99bf96 x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-2.2.3-24.x86_64.rpm cb086d72cfa22d69ffb77401a3873b27 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-devel-2.2.3-24.x86_64.rpm b13ea6a67a114d197e0f97cf83fb1712 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-doc-2.2.3-24.x86_64.rpm 6721aef0cdabf944ffdc7917bafa22db ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-example-pages-2.2.3-24.x86_64.rpm 475b95ef58b8078af54e6e0051d340c4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-prefork-2.2.3-24.x86_64.rpm 66683396a06e14ab0a6fafd3af1c1cd3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-worker-2.2.3-24.x86_64.rpm 260c25e62faf98def97d7f227d931545 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-2.2.3-16.17.3.x86_64.rpm 391a67b5fbcd657e2ecfba1a459057b2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-devel-2.2.3-16.17.3.x86_64.rpm e78d919d97960714f0bdff45cf984b70 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-doc-2.2.3-16.17.3.x86_64.rpm 52ee6e668465921cedb8ec6db723180b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-example-pages-2.2.3-16.17.3.x86_64.rpm 8400d2e78b1c2edc522c65a1b099f396 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-prefork-2.2.3-16.17.3.x86_64.rpm 17eef4da8eb3dd2eccace560d7a14e0e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-worker-2.2.3-16.17.3.x86_64.rpm da7b31c3508caf37b650e9cf47359098 openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-2.2.4-70.4.x86_64.rpm 9ff3ba6a589b6e79f603828937c5c126 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-devel-2.2.4-70.4.x86_64.rpm 56b23bc76fbfb0bc0d98b11c63daaf36 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-doc-2.2.4-70.4.x86_64.rpm 55ce8aaf6bc7c097999a93efe99da704 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-example-pages-2.2.4-70.4.x86_64.rpm 1c2d0b400948e83773ba08127ba7fa82 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-prefork-2.2.4-70.4.x86_64.rpm 537ef6542894bf7ad0bdc72ea9e73be7 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-utils-2.2.4-70.4.x86_64.rpm a9d11f6df973e9e71889acfd36ec49c3 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-worker-2.2.4-70.4.x86_64.rpm a51618285183cd0b97075be8436ea697 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/apache2-2.2.4-70.4.src.rpm 9ac4cf97f58360c61b17b177a72df991 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/apache2-2.2.3-24.src.rpm 10a8ee22535b31519d2ba876c31d5271 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apache2-2.2.3-16.17.3.src.rpm 66e2fed2bd179c17fed7b931900ef0dc Open Enterprise Server http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.html http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.html Novell Linux POS 9 http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.html http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.html Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.html Novell Linux Desktop 9 SDK http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.html http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.html SUSE SLES 9 http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.html http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.html SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/652745fced1c4af0216a2f3d8430a472.html SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/652745fced1c4af0216a2f3d8430a472.html ORIGINAL ADVISORY: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html OTHER REFERENCES: SA21172: http://secunia.com/advisories/21172/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------