Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Fedora Core 6: 2007-577 Critical: mod_perl DoS Risk Fix

fedora
Calendar Grey June 11, 2007
Dist Fedora Esm H88
Addresses vulnerability in mod_perl, mitigating denial of service caused by specially designed URI for users on Fedora Core 6.
This update fixes a security issue in mod_perl. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class

Summary

Mod_perl incorporates a Perl interpreter into the Apache web server,

so that the Apache web server can directly execute Perl code.

Mod_perl links the Perl runtime library into the Apache web server and

provides an object-oriented Perl interface for Apache's C language

API. The end result is a quicker CGI script turnaround process, since

no external Perl interpreter has to be started.

Install mod_perl if you're installing the Apache web server and you'd

like for it to directly incorporate a Perl interpreter.

This update fixes a security issue in mod_perl.

An issue was found in the "namespace_from_uri" method of the

ModPerl::RegistryCooker class. If a server implemented a

mod_perl registry module using this method, a remote

attacker requesting a carefully crafted URI can cause

resource consumption, which could lead to a denial of

service. (CVE-2007-1349)

- add security fix for CVE-2007-1349

- drop perl(warnings) provide (#228429)

- drop perl(HTTP::Request::Common) provide

726732fb01a6655909531d653ec3cadf2ae91ff3 SRPMS/mod_perl-2.0.2-6.2.fc6.src.rpm

726732fb01a6655909531d653ec3cadf2ae91ff3 noarch/mod_perl-2.0.2-6.2.fc6.src.rpm

8ba00317fe32992136092a2a03539b7acb918fdd ppc/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.ppc.rpm

e9fc6775d76b455913d57154cb96b0d26cc7607a ppc/mod_perl-devel-2.0.2-6.2.fc6.ppc.rpm

d8a81079b6728b5c287e2769e2cf12b66747354b ppc/mod_perl-2.0.2-6.2.fc6.ppc.rpm

381912d7bfbe8256291b9991e1c138bef58eda54 x86_64/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.x86_64.rpm

0442e64862ab200033d864faecc941db5361c069 x86_64/mod_perl-devel-2.0.2-6.2.fc6.x86_64.rpm

4bb05ea6885ef3b2f7788519194e2683578cb684 x86_64/mod_perl-2.0.2-6.2.fc6.x86_64.rpm

d5a9e1eb6535d36e60cc2880417ec5e00ea55b6c i386/mod_perl-2.0.2-6.2.fc6.i386.rpm

3144ff4ecc48d2c83ec2e95fff3b3c245ccd53c0 i386/mod_perl-devel-2.0.2-6.2.fc6.i386.rpm

f59ed6e434be1ff6c5c081fa41f7f2ce92a383ca i386/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mod_perl
Version: 2.0.2
Release: 6.2.fc6
Summary: An embedded Perl interpreter for the Apache Web server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.