---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-177326
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177326
2006-01-19
---------------------------------------------------------------------
Name : mod_auth_pgsql
Versions : fc1: mod_auth_pgsql-2.0.1-3.1.legacy
Versions : fc2: mod_auth_pgsql-2.0.1-4.2.legacy
Summary : Basic authentication for the Apache Web server using
a PostgreSQL database.
Description :
Mod_auth_pgsql can be used to limit access to documents served by a
Web server by checking fields in a table in a PostgreSQL database.
---------------------------------------------------------------------
Update Information:
An updated mod_auth_pgsql package that fixes a format string flaw is now
available.
The mod_auth_pgsql package is an httpd module that allows user
authentication against information stored in a PostgreSQL database.
Several format string flaws were found in the way mod_auth_pgsql logs
information. It may be possible for a remote attacker to execute
arbitrary code as the 'apache' user if mod_auth_pgsql is used for user
authentication. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-3656 to this issue.
Please note that this issue only affects servers which have
mod_auth_pgsql installed and configured to perform user authentication
against a PostgreSQL database.
All users of mod_auth_pgsql should upgrade to these updated packages,
which contain a backported patch to resolve this issue.
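
The flaw class described above, as an added illustration that is not mod_auth_pgsql's code or the backported patch: a message that can carry client-supplied text must reach a printf-style logger as data behind a constant format. The names log_line, log_flawed, log_fixed and contains_directive, and the sample message, are hypothetical and constructed here.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: an error message that embeds a client-supplied user name.
   "%%" takes no argument, so the flawed path below stays well defined. */
static const char SAMPLE[] = "user 'a%%b' not found";

/* Hypothetical stand-in for a printf-style server log call (not the httpd API). */
static void log_line(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, len, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: the message itself is handed over as the format string. */
static const char *log_flawed(const char *msg)
{
    static char line[128];
    log_line(line, sizeof line, msg);        /* '%' in msg is parsed as a directive */
    return line;
}

/* Fixed pattern: constant format, message passed as data. */
static const char *log_fixed(const char *msg)
{
    static char line[128];
    log_line(line, sizeof line, "%s", msg);  /* msg is copied byte for byte */
    return line;
}

/* Review aid: 1 if the text would be altered when misused as a format. */
static int contains_directive(const char *msg)
{
    return strchr(msg, '%') != NULL;
}

int main(void)
{
    printf("flawed: %s\n", log_flawed(SAMPLE));
    printf("fixed:  %s\n", log_fixed(SAMPLE));
    printf("input carries a directive: %d\n", contains_directive(SAMPLE));
    return 0;
}
```

Declaring a logger with GCC's __attribute__((format(printf, N, M))) lets -Wformat-security flag calls of the flawed shape at build time.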
---------------------------------------------------------------------
Changelogs
fc1:
* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-3.1.legacy
- The following fixes lifted wholesale from FC3's .src.rpm, (Legacy Bug
  #177326). Changes by Joe Orton of RedHat:
  * add security fix for CVE-2005-3656
  * don't strip .so file so debuginfo works
  * fix r->user handling (Mirko Streckenbach, #150087)
  * merge from Taroon (RHEL 3):
    - don't re-use database connections (#115496)
    - make functions static
    - downgrade "not configured" log message from warning to debug
fc2:
* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-4.2.legacy
- Rebuilt for FC2
* Sun Jan 15 2006 David Eisenstein <deisenst at gtw.net> 2.0.1-3.1.legacy
- The following fixes lifted wholesale from FC3's .src.rpm, (Legacy Bug
  #177326). Changes by Joe Orton of RedHat:
  * add security fix for CVE-2005-3656
  * don't strip .so file so debuginfo works
  * fix r->user handling (Mirko Streckenbach, #150087)
  * merge from Taroon (RHEL 3):
    - don't re-use database connections (#115496)
    - make functions static
    - downgrade "not configured" log message from warning to debug
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
e6ce19c8be5f4638e2050437c4529b0d4a0f5e1f
fedora/1/updates-testing/i386/mod_auth_pgsql-2.0.1-3.1.legacy.i386.rpm
119b3b6045eaa3b175ebe3d613daca8e9c81b35c
fedora/1/updates-testing/SRPMS/mod_auth_pgsql-2.0.1-3.1.legacy.src.rpm
8f9c2503b417db84b73483e6daca445c4789e4e4
fedora/2/updates-testing/i386/mod_auth_pgsql-2.0.1-4.2.legacy.i386.rpm
52aabaff10fb0f862e1b96199facb7da046e94dc
fedora/2/updates-testing/SRPMS/mod_auth_pgsql-2.0.1-4.2.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
