Fedora Legacy Test Update Notification: mod_auth_pgsql
Marc Deslauriers
marcdeslauriers at videotron.ca
Thu Jan 19 23:46:47 UTC 2006
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-177326
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177326
2006-01-19
---------------------------------------------------------------------
Name : mod_auth_pgsql
Versions : fc1: mod_auth_pgsql-2.0.1-3.1.legacy
Versions : fc2: mod_auth_pgsql-2.0.1-4.2.legacy
Summary : Basic authentication for the Apache Web server using
a PostgreSQL database.
Description :
Mod_auth_pgsql can be used to limit access to documents served by a
Web server by checking fields in a table in a PostgreSQL database.
---------------------------------------------------------------------
Update Information:

An updated mod_auth_pgsql package that fixes a format string flaw is now
available.

The mod_auth_pgsql package is an httpd module that allows user
authentication against information stored in a PostgreSQL database.

Several format string flaws were found in the way mod_auth_pgsql logs
information. It may be possible for a remote attacker to execute
arbitrary code as the 'apache' user if mod_auth_pgsql is used for user
authentication. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-3656 to this issue.

Please note that this issue only affects servers which have
mod_auth_pgsql installed and configured to perform user authentication
against a PostgreSQL database.

All users of mod_auth_pgsql should upgrade to these updated packages,
which contain a backported patch to resolve this issue.
---------------------------------------------------------------------
Changelogs
fc1:
* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-3.1.legacy
- The following fixes lifted wholesale from FC3's .src.rpm, (Legacy Bug
  #177326). Changes by Joe Orton of RedHat:
  * add security fix for CVE-2005-3656
  * don't strip .so file so debuginfo works
  * fix r->user handling (Mirko Streckenbach, #150087)
  * merge from Taroon (RHEL 3):
    - don't re-use database connections (#115496)
    - make functions static
    - downgrade "not configured" log message from warning to debug

fc2:
* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-4.2.legacy
- Rebuilt for FC2
* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-3.1.legacy
- The following fixes lifted wholesale from FC3's .src.rpm, (Legacy Bug
  #177326). Changes by Joe Orton of RedHat:
  * add security fix for CVE-2005-3656
  * don't strip .so file so debuginfo works
  * fix r->user handling (Mirko Streckenbach, #150087)
  * merge from Taroon (RHEL 3):
    - don't re-use database connections (#115496)
    - make functions static
    - downgrade "not configured" log message from warning to debug
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
e6ce19c8be5f4638e2050437c4529b0d4a0f5e1f
fedora/1/updates-testing/i386/mod_auth_pgsql-2.0.1-3.1.legacy.i386.rpm
119b3b6045eaa3b175ebe3d613daca8e9c81b35c
fedora/1/updates-testing/SRPMS/mod_auth_pgsql-2.0.1-3.1.legacy.src.rpm
8f9c2503b417db84b73483e6daca445c4789e4e4
fedora/2/updates-testing/i386/mod_auth_pgsql-2.0.1-4.2.legacy.i386.rpm
52aabaff10fb0f862e1b96199facb7da046e94dc
fedora/2/updates-testing/SRPMS/mod_auth_pgsql-2.0.1-4.2.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
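
The class of flaw named under "Update Information" (a format string flaw in logging), shown as an added example that is not part of the original notification and is not mod_auth_pgsql or httpd code. The names log_error, report_weak and report_fixed, the log message text and the sample user name are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style server log call
 * (constructed for this example; not the httpd or module API).
 * It keeps the last formatted line so the result can be inspected. */
static char last_log[256];

static void log_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Weak pattern: the assembled message, which embeds the client-supplied
 * user name, is itself handed to the logger as the format string. */
static const char *report_weak(const char *user)
{
    char msg[200];
    snprintf(msg, sizeof msg, "password mismatch for user %s", user);
    log_error(msg);          /* untrusted text is parsed as a format */
    return last_log;
}

/* Corrected pattern: constant format string, untrusted text passed
 * only as an argument, so it is copied and never interpreted. */
static const char *report_fixed(const char *user)
{
    char msg[200];
    snprintf(msg, sizeof msg, "password mismatch for user %s", user);
    log_error("%s", msg);
    return last_log;
}

int main(void)
{
    /* Constructed sample input. "%%" is the one directive that takes
     * no argument, so the weak path stays well defined here while
     * still showing that the logger parsed the user name. */
    const char *user = "bob%%";
    printf("weak : %s\n", report_weak(user));
    printf("fixed: %s\n", report_fixed(user));
    return 0;
}
```

The weak path logs a different string from the one the client sent, which shows that request data reached the format parser; the fixed path logs it byte for byte.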