Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora Core 5: 2007-576 Critical: mod_perl Denial of Service

fedora
Calendar Grey June 11, 2007
Dist Fedora Esm H88
Patch released for Fedora Core 5 to mitigate a serious vulnerability in mod_perl, aimed at preventing potential denial of service attacks.
This update fixes a security issue in mod_perl. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class

Summary

Mod_perl incorporates a Perl interpreter into the Apache web server,

so that the Apache web server can directly execute Perl code.

Mod_perl links the Perl runtime library into the Apache web server and

provides an object-oriented Perl interface for Apache's C language

API. The end result is a quicker CGI script turnaround process, since

no external Perl interpreter has to be started.

Install mod_perl if you're installing the Apache web server and you'd

like for it to directly incorporate a Perl interpreter.

This update fixes a security issue in mod_perl.

An issue was found in the "namespace_from_uri" method of the

ModPerl::RegistryCooker class. If a server implemented a

mod_perl registry module using this method, a remote

attacker requesting a carefully crafted URI can cause

resource consumption, which could lead to a denial of

service. (CVE-2007-1349)

- add security fix for CVE-2007-1349

- drop perl(warnings) provide (#228429)

- drop perl(HTTP::Request::Common) provide

1b92c1ea6bd0f91f41ec010ecb55804c551afd74 SRPMS/mod_perl-2.0.2-5.2.fc5.src.rpm

1b92c1ea6bd0f91f41ec010ecb55804c551afd74 noarch/mod_perl-2.0.2-5.2.fc5.src.rpm

c29bde551de3e22168d7ec13270632980ab35db7 ppc/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.ppc.rpm

f66643fd198d576dec55ed72617b019a171ab1f6 ppc/mod_perl-devel-2.0.2-5.2.fc5.ppc.rpm

56dba75ca6a4f68116c9803e21996b7e3c7e4a9a ppc/mod_perl-2.0.2-5.2.fc5.ppc.rpm

9bf9a6e3ee0e700da174cca618e30ac84b5ec4e2 x86_64/mod_perl-devel-2.0.2-5.2.fc5.x86_64.rpm

b3ab3711356698f8aa9d626c25f78edbe0d3190a x86_64/mod_perl-2.0.2-5.2.fc5.x86_64.rpm

b3801f05e3ec4e061b5ac70ecf958fbdfd61fbeb x86_64/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.x86_64.rpm

d59cb0f72b48b7e5a28e4ad4d6d7469aed05d12c i386/mod_perl-devel-2.0.2-5.2.fc5.i386.rpm

4fd5523eee7cfea55321c6630be82e9bce971b88 i386/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.i386.rpm

d41ac0744c6a69d7266accd3a6336d9861bebd4b i386/mod_perl-2.0.2-5.2.fc5.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory critical issue Fedora service outage mod_perl

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mod_perl
Version: 2.0.2
Release: 5.2.fc5
Summary: An embedded Perl interpreter for the Apache Web server

Topics%20covered

Topics Covered

security advisory critical issue Fedora service outage mod_perl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here