[SECURITY] Fedora Core 6 Update: mod_perl-2.0.2-6.2.fc6

Joe Orton jorton at redhat.com
Mon Jun 11 19:54:38 UTC 2007


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-577
2007-06-11
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : mod_perl
Version     : 2.0.2
Release     : 6.2.fc6
Summary     : An embedded Perl interpreter for the Apache Web server
Description :
Mod_perl incorporates a Perl interpreter into the Apache web server,
so that the Apache web server can directly execute Perl code.
Mod_perl links the Perl runtime library into the Apache web server and
provides an object-oriented Perl interface for Apache's C language
API.  The end result is a quicker CGI script turnaround process, since
no external Perl interpreter has to be started.

Install mod_perl if you're installing the Apache web server and you'd
like for it to directly incorporate a Perl interpreter.

---------------------------------------------------------------------
Update Information:

This update fixes a security issue in mod_perl.

An issue was found in the "namespace_from_uri" method of the
ModPerl::RegistryCooker class. If a server implemented a
mod_perl registry module using this method, a remote
attacker requesting a carefully crafted URI can cause
resource consumption, which could lead to a denial of
service. (CVE-2007-1349)
---------------------------------------------------------------------
* Fri Jun  8 2007 Joe Orton <jorton at redhat.com> 2.0.2-6.2.fc6
- add security fix for CVE-2007-1349
- drop perl(warnings) provide (#228429) 
- drop perl(HTTP::Request::Common) provide

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

726732fb01a6655909531d653ec3cadf2ae91ff3  SRPMS/mod_perl-2.0.2-6.2.fc6.src.rpm
726732fb01a6655909531d653ec3cadf2ae91ff3  noarch/mod_perl-2.0.2-6.2.fc6.src.rpm
8ba00317fe32992136092a2a03539b7acb918fdd  ppc/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.ppc.rpm
e9fc6775d76b455913d57154cb96b0d26cc7607a  ppc/mod_perl-devel-2.0.2-6.2.fc6.ppc.rpm
d8a81079b6728b5c287e2769e2cf12b66747354b  ppc/mod_perl-2.0.2-6.2.fc6.ppc.rpm
381912d7bfbe8256291b9991e1c138bef58eda54  x86_64/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.x86_64.rpm
0442e64862ab200033d864faecc941db5361c069  x86_64/mod_perl-devel-2.0.2-6.2.fc6.x86_64.rpm
4bb05ea6885ef3b2f7788519194e2683578cb684  x86_64/mod_perl-2.0.2-6.2.fc6.x86_64.rpm
d5a9e1eb6535d36e60cc2880417ec5e00ea55b6c  i386/mod_perl-2.0.2-6.2.fc6.i386.rpm
3144ff4ecc48d2c83ec2e95fff3b3c245ccd53c0  i386/mod_perl-devel-2.0.2-6.2.fc6.i386.rpm
f59ed6e434be1ff6c5c081fa41f7f2ce92a383ca  i386/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------




More information about the Fedora-package-announce mailing list