Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in mod_perl. For additional information, see : VUPEN/ADV-2007-1150

Affected Products

Fedora Core 5
Fedora Core 6
Fedora 7

Solution

Upgrade the affected packages :

2d37b56479c23e1b5723f5f120a7d765970e64df mod_perl-2.0.3-9.1.fc7.ppc64.rpm
d78b17bda075bfcce69e69aca7f41acd59b31db6 mod_perl-devel-2.0.3-9.1.fc7.ppc64.rpm
a7d300a16e9142ef02ed3ab9b7cbce74d183c512 mod_perl-debuginfo-2.0.3-9.1.fc7.ppc64.rpm
7ea4a7a440ef6eb7a1bf80ae0c2e9af36e25ecc7 mod_perl-devel-2.0.3-9.1.fc7.i386.rpm
9a276ec845ac2d4734f0938e3514bdbf3b9ad0d1 mod_perl-debuginfo-2.0.3-9.1.fc7.i386.rpm
0fc412956075fb5acc1107e172bf971633a3f77a mod_perl-2.0.3-9.1.fc7.i386.rpm
f8d459f22742520065b4ebca06482860251140ea mod_perl-devel-2.0.3-9.1.fc7.x86_64.rpm
b93ae78e83f79103652f91379f539dee48bab706 mod_perl-2.0.3-9.1.fc7.x86_64.rpm
9c270ea82f15c8645182922b16849bb20e6d115d mod_perl-debuginfo-2.0.3-9.1.fc7.x86_64.rpm
e2e7c9cefc95e99bbfba0025a650f415797e2409 mod_perl-devel-2.0.3-9.1.fc7.ppc.rpm
76e73103d890bea6b9311e803af7faca476a3870 mod_perl-2.0.3-9.1.fc7.ppc.rpm
1e4fa33cb6f167f2d75cd531833a9c78a2110150 mod_perl-debuginfo-2.0.3-9.1.fc7.ppc.rpm
4b3920fd6508b6f424c3c10fffca77f272e904a8 mod_perl-2.0.3-9.1.fc7.src.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

1b92c1ea6bd0f91f41ec010ecb55804c551afd74 SRPMS/mod_perl-2.0.2-5.2.fc5.src.rpm
1b92c1ea6bd0f91f41ec010ecb55804c551afd74 noarch/mod_perl-2.0.2-5.2.fc5.src.rpm
c29bde551de3e22168d7ec13270632980ab35db7 ppc/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.ppc.rpm
f66643fd198d576dec55ed72617b019a171ab1f6 ppc/mod_perl-devel-2.0.2-5.2.fc5.ppc.rpm
56dba75ca6a4f68116c9803e21996b7e3c7e4a9a ppc/mod_perl-2.0.2-5.2.fc5.ppc.rpm
9bf9a6e3ee0e700da174cca618e30ac84b5ec4e2 x86_64/mod_perl-devel-2.0.2-5.2.fc5.x86_64.rpm
b3ab3711356698f8aa9d626c25f78edbe0d3190a x86_64/mod_perl-2.0.2-5.2.fc5.x86_64.rpm
b3801f05e3ec4e061b5ac70ecf958fbdfd61fbeb x86_64/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.x86_64.rpm
d59cb0f72b48b7e5a28e4ad4d6d7469aed05d12c i386/mod_perl-devel-2.0.2-5.2.fc5.i386.rpm
4fd5523eee7cfea55321c6630be82e9bce971b88 i386/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.i386.rpm
d41ac0744c6a69d7266accd3a6336d9861bebd4b i386/mod_perl-2.0.2-5.2.fc5.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

726732fb01a6655909531d653ec3cadf2ae91ff3 SRPMS/mod_perl-2.0.2-6.2.fc6.src.rpm
726732fb01a6655909531d653ec3cadf2ae91ff3 noarch/mod_perl-2.0.2-6.2.fc6.src.rpm
8ba00317fe32992136092a2a03539b7acb918fdd ppc/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.ppc.rpm
e9fc6775d76b455913d57154cb96b0d26cc7607a ppc/mod_perl-devel-2.0.2-6.2.fc6.ppc.rpm
d8a81079b6728b5c287e2769e2cf12b66747354b ppc/mod_perl-2.0.2-6.2.fc6.ppc.rpm
381912d7bfbe8256291b9991e1c138bef58eda54 x86_64/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.x86_64.rpm
0442e64862ab200033d864faecc941db5361c069 x86_64/mod_perl-devel-2.0.2-6.2.fc6.x86_64.rpm
4bb05ea6885ef3b2f7788519194e2683578cb684 x86_64/mod_perl-2.0.2-6.2.fc6.x86_64.rpm
d5a9e1eb6535d36e60cc2880417ec5e00ea55b6c i386/mod_perl-2.0.2-6.2.fc6.i386.rpm
3144ff4ecc48d2c83ec2e95fff3b3c245ccd53c0 i386/mod_perl-devel-2.0.2-6.2.fc6.i386.rpm
f59ed6e434be1ff6c5c081fa41f7f2ce92a383ca i386/debug/mod_perl-debuginfo-2.0.2-6.2.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2007/2116
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00135.html
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00152.html
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00153.html

ChangeLog

2007-06-11 : Initial release
2007-06-12 : Updated Solution

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.