[SECURITY] Fedora Core 5 Update: mod_perl-2.0.2-5.2.fc5

Joe Orton jorton at redhat.com
Mon Jun 11 19:54:08 UTC 2007 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-576
2007-06-11
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : mod_perl
Version     : 2.0.2
Release     : 5.2.fc5
Summary     : An embedded Perl interpreter for the Apache Web server
Description :
Mod_perl incorporates a Perl interpreter into the Apache web server,
so that the Apache web server can directly execute Perl code.
Mod_perl links the Perl runtime library into the Apache web server and
provides an object-oriented Perl interface for Apache's C language
API.  The end result is a quicker CGI script turnaround process, since
no external Perl interpreter has to be started.

Install mod_perl if you're installing the Apache web server and you'd
like for it to directly incorporate a Perl interpreter.

---------------------------------------------------------------------
Update Information:

This update fixes a security issue in mod_perl.

An issue was found in the "namespace_from_uri" method of the
ModPerl::RegistryCooker class. If a server implemented a
mod_perl registry module using this method, a remote
attacker requesting a carefully crafted URI can cause
resource consumption, which could lead to a denial of
service. (CVE-2007-1349)
---------------------------------------------------------------------
* Fri Jun  8 2007 Joe Orton <jorton at redhat.com> 2.0.2-5.2.fc5
- add security fix for CVE-2007-1349
- drop perl(warnings) provide (#228429) 
- drop perl(HTTP::Request::Common) provide

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

1b92c1ea6bd0f91f41ec010ecb55804c551afd74  SRPMS/mod_perl-2.0.2-5.2.fc5.src.rpm
1b92c1ea6bd0f91f41ec010ecb55804c551afd74  noarch/mod_perl-2.0.2-5.2.fc5.src.rpm
c29bde551de3e22168d7ec13270632980ab35db7  ppc/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.ppc.rpm
f66643fd198d576dec55ed72617b019a171ab1f6  ppc/mod_perl-devel-2.0.2-5.2.fc5.ppc.rpm
56dba75ca6a4f68116c9803e21996b7e3c7e4a9a  ppc/mod_perl-2.0.2-5.2.fc5.ppc.rpm
9bf9a6e3ee0e700da174cca618e30ac84b5ec4e2  x86_64/mod_perl-devel-2.0.2-5.2.fc5.x86_64.rpm
b3ab3711356698f8aa9d626c25f78edbe0d3190a  x86_64/mod_perl-2.0.2-5.2.fc5.x86_64.rpm
b3801f05e3ec4e061b5ac70ecf958fbdfd61fbeb  x86_64/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.x86_64.rpm
d59cb0f72b48b7e5a28e4ad4d6d7469aed05d12c  i386/mod_perl-devel-2.0.2-5.2.fc5.i386.rpm
4fd5523eee7cfea55321c6630be82e9bce971b88  i386/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.i386.rpm
d41ac0744c6a69d7266accd3a6336d9861bebd4b  i386/mod_perl-2.0.2-5.2.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the package-announce mailing list