Issued:
2007-06-14
Updated:
2007-06-14

RHSA-2007:0395 - Security Advisory

Synopsis

Low: mod_perl security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated mod_perl packages that fix a security issue are now available for Red
Hat Enterprise Linux 3, 4, 5.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

Description

Mod_perl incorporates a Perl interpreter into the Apache web server,
so that the Apache web server can directly execute Perl code.

An issue was found in the "namespace_from_uri" method of the
ModPerl::RegistryCooker class. If a server implemented a mod_perl registry
module using this method, a remote attacker requesting a carefully crafted
URI can cause resource consumption, which could lead to a denial of service
(CVE-2007-1349).

Users of mod_perl should update to these erratum packages which contain a
backported fix to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 240423 - CVE-2007-1349 mod_perl PerlRun denial of service

Red Hat Enterprise Linux Server 5

SRPM
mod_perl-2.0.2-6.3.el5.src.rpm SHA-256: 1eb84438397a201fa43e8c0993a64a3f4ad538e53df12639e17f9a08924b74c8
x86_64
mod_perl-2.0.2-6.3.el5.x86_64.rpm SHA-256: 7811e7834667f1115c7cec0eeffac69bdb991474a4b8f14b2ac329cd46359b67
mod_perl-devel-2.0.2-6.3.el5.i386.rpm SHA-256: b2e9ed7366bb29276467e344d5855771086fbb11715625c2c1d7f95fb6762a2e
mod_perl-devel-2.0.2-6.3.el5.x86_64.rpm SHA-256: 5c7e2f78ad3a7509eb25f0b142842f40ecc3fd75d27fde6b2b4b069af545132e
ia64
mod_perl-2.0.2-6.3.el5.ia64.rpm SHA-256: d963deb2a5574249bcbd73710b2a103d691fd1bc5b03252d98de85ade0bba9ce
mod_perl-devel-2.0.2-6.3.el5.ia64.rpm SHA-256: 6c89c46a4d6b156fa1f2f9084bd56804d7d48531f04626d0e684402721802a97
i386
mod_perl-2.0.2-6.3.el5.i386.rpm SHA-256: 7e427bace159b0ba9dc5d9296d8059c58fa01a1e241120f7b80b8179e1fd16da
mod_perl-devel-2.0.2-6.3.el5.i386.rpm SHA-256: b2e9ed7366bb29276467e344d5855771086fbb11715625c2c1d7f95fb6762a2e

Red Hat Enterprise Linux Server 4

SRPM
mod_perl-1.99_16-4.5.src.rpm SHA-256: d19c700bbcebe22d5e7d605262114e85cfe1a32b819fd77fdba387a14b68bd77
x86_64
mod_perl-1.99_16-4.5.x86_64.rpm SHA-256: 000d9c4651357ebf90ceff46abde42fb169c9e94baa34ee6778ad626791b3f96
mod_perl-1.99_16-4.5.x86_64.rpm SHA-256: 000d9c4651357ebf90ceff46abde42fb169c9e94baa34ee6778ad626791b3f96
mod_perl-devel-1.99_16-4.5.x86_64.rpm SHA-256: 84e138e510ba5dbf3878ba6db7cc17f6ced6922f6f9d61f775358c29d2f56f54
mod_perl-devel-1.99_16-4.5.x86_64.rpm SHA-256: 84e138e510ba5dbf3878ba6db7cc17f6ced6922f6f9d61f775358c29d2f56f54
ia64
mod_perl-1.99_16-4.5.ia64.rpm SHA-256: 0958c46407c2dedfd083f83f226c835242398048384feceeba67d5db806d3fdb
mod_perl-1.99_16-4.5.ia64.rpm SHA-256: 0958c46407c2dedfd083f83f226c835242398048384feceeba67d5db806d3fdb
mod_perl-devel-1.99_16-4.5.ia64.rpm SHA-256: 77ece6468bb969437b48a625baec8ac0c9b7267a61adb5f5e7b2b66422958b06
mod_perl-devel-1.99_16-4.5.ia64.rpm SHA-256: 77ece6468bb969437b48a625baec8ac0c9b7267a61adb5f5e7b2b66422958b06
i386
mod_perl-1.99_16-4.5.i386.rpm SHA-256: 0aedab56bc6e7572395dfa47d1a1169676f5e01deca49c3cea57546dc0f8910f
mod_perl-1.99_16-4.5.i386.rpm SHA-256: 0aedab56bc6e7572395dfa47d1a1169676f5e01deca49c3cea57546dc0f8910f
mod_perl-devel-1.99_16-4.5.i386.rpm SHA-256: 81eb702cf185e7e3cd814dc4e7eb1f6022e48e1f2d8dff8422b2323e0a641215
mod_perl-devel-1.99_16-4.5.i386.rpm SHA-256: 81eb702cf185e7e3cd814dc4e7eb1f6022e48e1f2d8dff8422b2323e0a641215

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
mod_perl-1.99_16-4.5.src.rpm SHA-256: d19c700bbcebe22d5e7d605262114e85cfe1a32b819fd77fdba387a14b68bd77
x86_64
mod_perl-1.99_16-4.5.x86_64.rpm SHA-256: 000d9c4651357ebf90ceff46abde42fb169c9e94baa34ee6778ad626791b3f96
mod_perl-1.99_16-4.5.x86_64.rpm SHA-256: 000d9c4651357ebf90ceff46abde42fb169c9e94baa34ee6778ad626791b3f96
mod_perl-devel-1.99_16-4.5.x86_64.rpm SHA-256: 84e138e510ba5dbf3878ba6db7cc17f6ced6922f6f9d61f775358c29d2f56f54
mod_perl-devel-1.99_16-4.5.x86_64.rpm SHA-256: 84e138e510ba5dbf3878ba6db7cc17f6ced6922f6f9d61f775358c29d2f56f54
ia64
mod_perl-1.99_16-4.5.ia64.rpm SHA-256: 0958c46407c2dedfd083f83f226c835242398048384feceeba67d5db806d3fdb
mod_perl-1.99_16-4.5.ia64.rpm SHA-256: 0958c46407c2dedfd083f83f226c835242398048384feceeba67d5db806d3fdb
mod_perl-devel-1.99_16-4.5.ia64.rpm SHA-256: 77ece6468bb969437b48a625baec8ac0c9b7267a61adb5f5e7b2b66422958b06
mod_perl-devel-1.99_16-4.5.ia64.rpm SHA-256: 77ece6468bb969437b48a625baec8ac0c9b7267a61adb5f5e7b2b66422958b06
i386
mod_perl-1.99_16-4.5.i386.rpm SHA-256: 0aedab56bc6e7572395dfa47d1a1169676f5e01deca49c3cea57546dc0f8910f
mod_perl-1.99_16-4.5.i386.rpm SHA-256: 0aedab56bc6e7572395dfa47d1a1169676f5e01deca49c3cea57546dc0f8910f
mod_perl-devel-1.99_16-4.5.i386.rpm SHA-256: 81eb702cf185e7e3cd814dc4e7eb1f6022e48e1f2d8dff8422b2323e0a641215
mod_perl-devel-1.99_16-4.5.i386.rpm SHA-256: 81eb702cf185e7e3cd814dc4e7eb1f6022e48e1f2d8dff8422b2323e0a641215

Red Hat Enterprise Linux Workstation 5

SRPM
mod_perl-2.0.2-6.3.el5.src.rpm SHA-256: 1eb84438397a201fa43e8c0993a64a3f4ad538e53df12639e17f9a08924b74c8
x86_64
mod_perl-2.0.2-6.3.el5.x86_64.rpm SHA-256: 7811e7834667f1115c7cec0eeffac69bdb991474a4b8f14b2ac329cd46359b67
mod_perl-devel-2.0.2-6.3.el5.i386.rpm SHA-256: b2e9ed7366bb29276467e344d5855771086fbb11715625c2c1d7f95fb6762a2e
mod_perl-devel-2.0.2-6.3.el5.x86_64.rpm SHA-256: 5c7e2f78ad3a7509eb25f0b142842f40ecc3fd75d27fde6b2b4b069af545132e
i386
mod_perl-2.0.2-6.3.el5.i386.rpm SHA-256: 7e427bace159b0ba9dc5d9296d8059c58fa01a1e241120f7b80b8179e1fd16da
mod_perl-devel-2.0.2-6.3.el5.i386.rpm SHA-256: b2e9ed7366bb29276467e344d5855771086fbb11715625c2c1d7f95fb6762a2e

Red Hat Enterprise Linux Workstation 4

SRPM
mod_perl-1.99_16-4.5.src.rpm SHA-256: d19c700bbcebe22d5e7d605262114e85cfe1a32b819fd77fdba387a14b68bd77
x86_64
mod_perl-1.99_16-4.5.x86_64.rpm SHA-256: 000d9c4651357ebf90ceff46abde42fb169c9e94baa34ee6778ad626791b3f96
mod_perl-devel-1.99_16-4.5.x86_64.rpm SHA-256: 84e138e510ba5dbf3878ba6db7cc17f6ced6922f6f9d61f775358c29d2f56f54
ia64
mod_perl-1.99_16-4.5.ia64.rpm SHA-256: 0958c46407c2dedfd083f83f226c835242398048384feceeba67d5db806d3fdb
mod_perl-devel-1.99_16-4.5.ia64.rpm SHA-256: 77ece6468bb969437b48a625baec8ac0c9b7267a61adb5f5e7b2b66422958b06
i386
mod_perl-1.99_16-4.5.i386.rpm SHA-256: 0aedab56bc6e7572395dfa47d1a1169676f5e01deca49c3cea57546dc0f8910f
mod_perl-devel-1.99_16-4.5.i386.rpm SHA-256: 81eb702cf185e7e3cd814dc4e7eb1f6022e48e1f2d8dff8422b2323e0a641215

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
mod_perl-1.99_16-4.5.src.rpm SHA-256: d19c700bbcebe22d5e7d605262114e85cfe1a32b819fd77fdba387a14b68bd77
x86_64
mod_perl-1.99_16-4.5.x86_64.rpm SHA-256: 000d9c4651357ebf90ceff46abde42fb169c9e94baa34ee6778ad626791b3f96
mod_perl-devel-1.99_16-4.5.x86_64.rpm SHA-256: 84e138e510ba5dbf3878ba6db7cc17f6ced6922f6f9d61f775358c29d2f56f54
i386
mod_perl-1.99_16-4.5.i386.rpm SHA-256: 0aedab56bc6e7572395dfa47d1a1169676f5e01deca49c3cea57546dc0f8910f
mod_perl-devel-1.99_16-4.5.i386.rpm SHA-256: 81eb702cf185e7e3cd814dc4e7eb1f6022e48e1f2d8dff8422b2323e0a641215

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
mod_perl-2.0.2-6.3.el5.src.rpm SHA-256: 1eb84438397a201fa43e8c0993a64a3f4ad538e53df12639e17f9a08924b74c8
s390x
mod_perl-2.0.2-6.3.el5.s390x.rpm SHA-256: a4aacc8be043e6619bb767a8366676e741e7fd223a020eb6c2aec72ef514dd36
mod_perl-devel-2.0.2-6.3.el5.s390.rpm SHA-256: 5efafa3da1b20d26da03dc6aa60ba68de67ab298b8c99edeeb9389f955c2b025
mod_perl-devel-2.0.2-6.3.el5.s390x.rpm SHA-256: c6138fff02374430de9442a9df1a66729460f5b7925a256e5908f05678ad3eb1

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
mod_perl-1.99_16-4.5.src.rpm SHA-256: d19c700bbcebe22d5e7d605262114e85cfe1a32b819fd77fdba387a14b68bd77
s390x
mod_perl-1.99_16-4.5.s390x.rpm SHA-256: 5a9508a58af6e32223d9f511b30184831dfe02ad29b67cb769ac6c9dfc87324f
mod_perl-devel-1.99_16-4.5.s390x.rpm SHA-256: 859c048a6ce7fe1798ffb53a1fba7297a35dc9382d199737b8763c3c76f03f0e
s390
mod_perl-1.99_16-4.5.s390.rpm SHA-256: 4fbe01fb310d3fd08c681b73954ecf11d02a15e165cb2818576d17a51ebb6ded
mod_perl-devel-1.99_16-4.5.s390.rpm SHA-256: 046c1153b625f32d0831a46f628ea7e234d2dc0108a17e2da4f1bc714f4ab613

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
mod_perl-1.99_16-4.5.src.rpm SHA-256: d19c700bbcebe22d5e7d605262114e85cfe1a32b819fd77fdba387a14b68bd77
s390x
mod_perl-1.99_16-4.5.s390x.rpm SHA-256: 5a9508a58af6e32223d9f511b30184831dfe02ad29b67cb769ac6c9dfc87324f
mod_perl-devel-1.99_16-4.5.s390x.rpm SHA-256: 859c048a6ce7fe1798ffb53a1fba7297a35dc9382d199737b8763c3c76f03f0e
s390
mod_perl-1.99_16-4.5.s390.rpm SHA-256: 4fbe01fb310d3fd08c681b73954ecf11d02a15e165cb2818576d17a51ebb6ded
mod_perl-devel-1.99_16-4.5.s390.rpm SHA-256: 046c1153b625f32d0831a46f628ea7e234d2dc0108a17e2da4f1bc714f4ab613

Red Hat Enterprise Linux for Power, big endian 5

SRPM
mod_perl-2.0.2-6.3.el5.src.rpm SHA-256: 1eb84438397a201fa43e8c0993a64a3f4ad538e53df12639e17f9a08924b74c8
ppc
mod_perl-2.0.2-6.3.el5.ppc.rpm SHA-256: 64aaa31f2170e10bd6f607d11e7b88fcd5cb325976cea58ddb8a2db3b159bed7
mod_perl-devel-2.0.2-6.3.el5.ppc.rpm SHA-256: 29e036613c04b0ce7ec52a787f0bad64cca5d1c92b0bb78b78da25e329f8d7af
mod_perl-devel-2.0.2-6.3.el5.ppc64.rpm SHA-256: 0d9a4ffb1d7a2e7189ded4289c74bfc6e3e17f248599629e808e71687a323639

Red Hat Enterprise Linux for Power, big endian 4

SRPM
mod_perl-1.99_16-4.5.src.rpm SHA-256: d19c700bbcebe22d5e7d605262114e85cfe1a32b819fd77fdba387a14b68bd77
ppc
mod_perl-1.99_16-4.5.ppc.rpm SHA-256: 45f6d1a10a1276e623e8943b58330ca7f8fc17e0dbdda31930746a16439d5d02
mod_perl-devel-1.99_16-4.5.ppc.rpm SHA-256: 9444b4337ae573d1bec464f8f53b2f08deaa4f698203b0287f78a1b5dfb65eff

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
mod_perl-1.99_16-4.5.src.rpm SHA-256: d19c700bbcebe22d5e7d605262114e85cfe1a32b819fd77fdba387a14b68bd77
ppc
mod_perl-1.99_16-4.5.ppc.rpm SHA-256: 45f6d1a10a1276e623e8943b58330ca7f8fc17e0dbdda31930746a16439d5d02
mod_perl-devel-1.99_16-4.5.ppc.rpm SHA-256: 9444b4337ae573d1bec464f8f53b2f08deaa4f698203b0287f78a1b5dfb65eff

Red Hat Enterprise Linux Server from RHUI 5

SRPM
mod_perl-2.0.2-6.3.el5.src.rpm SHA-256: 1eb84438397a201fa43e8c0993a64a3f4ad538e53df12639e17f9a08924b74c8
x86_64
mod_perl-2.0.2-6.3.el5.x86_64.rpm SHA-256: 7811e7834667f1115c7cec0eeffac69bdb991474a4b8f14b2ac329cd46359b67
mod_perl-devel-2.0.2-6.3.el5.i386.rpm SHA-256: b2e9ed7366bb29276467e344d5855771086fbb11715625c2c1d7f95fb6762a2e
mod_perl-devel-2.0.2-6.3.el5.x86_64.rpm SHA-256: 5c7e2f78ad3a7509eb25f0b142842f40ecc3fd75d27fde6b2b4b069af545132e
i386
mod_perl-2.0.2-6.3.el5.i386.rpm SHA-256: 7e427bace159b0ba9dc5d9296d8059c58fa01a1e241120f7b80b8179e1fd16da
mod_perl-devel-2.0.2-6.3.el5.i386.rpm SHA-256: b2e9ed7366bb29276467e344d5855771086fbb11715625c2c1d7f95fb6762a2e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.