FSA/F7/FEDORA-2007-0316

From FedoraProject

< FSA | F7
Revision as of 16:38, 24 May 2008 by Admin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

[SECURITY] Fedora 7 Update: mod_perl-2.0.3-9.1.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-0316
2007-06-09 12:19:05.825516
--------------------------------------------------------------------------------

Name        : mod_perl
Product     : Fedora 7
Version     : 2.0.3
Release     : 9.1.fc7
Summary     : An embedded Perl interpreter for the Apache Web server
Description :
Mod_perl incorporates a Perl interpreter into the Apache web server,
so that the Apache web server can directly execute Perl code.
Mod_perl links the Perl runtime library into the Apache web server and
provides an object-oriented Perl interface for Apache's C language
API.  The end result is a quicker CGI script turnaround process, since
no external Perl interpreter has to be started.

Install mod_perl if you're installing the Apache web server and you'd
like for it to directly incorporate a Perl interpreter.

--------------------------------------------------------------------------------
Update Information:

This update fixes a security issue in mod_perl.

An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class.
If a server implemented a mod_perl registry module using this method, a remote attacker
requesting a carefully crafted URI can cause resource consumption, which could lead to
a denial of service. (CVE-2007-1349)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun  8 2007 Joe Orton <jorton redhat com> 2.0.3-9.1.fc7
- add security fix for CVE-2007-1349
* Fri Apr 20 2007 Joe Orton <jorton redhat com> 2.0.3-8
- filter provide of perl(warnings) (#228429)
--------------------------------------------------------------------------------
References:

[ 1 ]  CVE-2007-1349
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349
--------------------------------------------------------------------------------
Updated packages:

2d37b56479c23e1b5723f5f120a7d765970e64df mod_perl-2.0.3-9.1.fc7.ppc64.rpm
d78b17bda075bfcce69e69aca7f41acd59b31db6 mod_perl-devel-2.0.3-9.1.fc7.ppc64.rpm
a7d300a16e9142ef02ed3ab9b7cbce74d183c512 mod_perl-debuginfo-2.0.3-9.1.fc7.ppc64.rpm
7ea4a7a440ef6eb7a1bf80ae0c2e9af36e25ecc7 mod_perl-devel-2.0.3-9.1.fc7.i386.rpm
9a276ec845ac2d4734f0938e3514bdbf3b9ad0d1 mod_perl-debuginfo-2.0.3-9.1.fc7.i386.rpm
0fc412956075fb5acc1107e172bf971633a3f77a mod_perl-2.0.3-9.1.fc7.i386.rpm
f8d459f22742520065b4ebca06482860251140ea mod_perl-devel-2.0.3-9.1.fc7.x86_64.rpm
b93ae78e83f79103652f91379f539dee48bab706 mod_perl-2.0.3-9.1.fc7.x86_64.rpm
9c270ea82f15c8645182922b16849bb20e6d115d mod_perl-debuginfo-2.0.3-9.1.fc7.x86_64.rpm
e2e7c9cefc95e99bbfba0025a650f415797e2409 mod_perl-devel-2.0.3-9.1.fc7.ppc.rpm
76e73103d890bea6b9311e803af7faca476a3870 mod_perl-2.0.3-9.1.fc7.ppc.rpm
1e4fa33cb6f167f2d75cd531833a9c78a2110150 mod_perl-debuginfo-2.0.3-9.1.fc7.ppc.rpm
4b3920fd6508b6f424c3c10fffca77f272e904a8 mod_perl-2.0.3-9.1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------