SUSE-SU-2015:0689-1

Published: 11 Sep 2014
Source: suse-cvrf

Description

Recommended update for apache2

This update for the Apache Web Server introduces directives to control two protocol options:

* HttpContentLengthHeadZero: Allow responses to HEAD requests with a Content-Length of 0
* HttpExpectStrict: Allow the administrator to control whether clients must send '100-continue'

MODULE_MAGIC_NUMBER_MINOR has been increased to 24 because this change is not forward-compatible: modules built against this release might not work correctly with older releases of the Apache Web Server.
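An added example (not code from the advisory or from httpd) of the behaviour the two directives switch: a small request parser, a decision function modelling the Expect handling that HttpExpectStrict controls, and a response filter modelling HttpContentLengthHeadZero. The defaults used (strict expectation handling on, a zero Content-Length on HEAD suppressed) are httpd's own; the sample requests, the hypothetical `example.test` host and the helper names are constructed for this illustration.

```python
def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request_line, headers) with
    lower-cased header names. Helper constructed for this demo."""
    head, _, _body = raw.partition("\r\n\r\n")
    request_line, _, block = head.partition("\r\n")
    headers = {}
    for line in block.split("\r\n"):
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return request_line, headers


def expect_decision(raw_request, expect_strict=True):
    """Model of what the server does with a request's Expect header.
    HttpExpectStrict On (httpd's default): any expectation other than
    100-continue is refused with 417 Expectation Failed.
    HttpExpectStrict Off: unknown expectations are ignored.
    Returns 100 (send an interim '100 Continue' before reading the body),
    417 (refuse), or None (nothing special to do)."""
    _, headers = parse_request(raw_request)
    expect = headers.get("expect", "")
    if not expect:
        return None
    if expect.lower() == "100-continue":
        return 100
    return 417 if expect_strict else None


def head_response_headers(response_headers, allow_zero=False):
    """Model of HttpContentLengthHeadZero. With the directive Off (the
    default) a HEAD response carrying 'Content-Length: 0' has that header
    removed: a HEAD response must describe the entity GET would return,
    and an explicit 0 is normally wrong for it. On: the header is kept."""
    if allow_zero:
        return dict(response_headers)
    return {k: v for k, v in response_headers.items()
            if not (k.lower() == "content-length" and v.strip() == "0")}


# Constructed sample requests for the demo.
REQ_CONTINUE = ("POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                "Expect: 100-continue\r\nContent-Length: 5\r\n\r\nhello")
REQ_UNKNOWN = ("POST /upload HTTP/1.1\r\nHost: example.test\r\n"
               "Expect: x-please-compress\r\nContent-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    print("100-continue, strict:", expect_decision(REQ_CONTINUE))
    print("unknown expectation, strict:", expect_decision(REQ_UNKNOWN))
    print("unknown expectation, lenient:", expect_decision(REQ_UNKNOWN, expect_strict=False))
    print("HEAD headers, default:", head_response_headers({"Content-Type": "text/html", "Content-Length": "0"}))
    print("HEAD headers, zero allowed:", head_response_headers({"Content-Type": "text/html", "Content-Length": "0"}, allow_zero=True))
```

Turning HttpExpectStrict off is a compatibility concession for clients that send non-standard Expect values; it does not change how a correct `Expect: 100-continue` is handled.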

Package list

SUSE Linux Enterprise Server 11 SP3
apache2-2.2.12-1.50.1
apache2-doc-2.2.12-1.50.1
apache2-example-pages-2.2.12-1.50.1
apache2-prefork-2.2.12-1.50.1
apache2-utils-2.2.12-1.50.1
apache2-worker-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
apache2-2.2.12-1.50.1
apache2-doc-2.2.12-1.50.1
apache2-example-pages-2.2.12-1.50.1
apache2-prefork-2.2.12-1.50.1
apache2-utils-2.2.12-1.50.1
apache2-worker-2.2.12-1.50.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
apache2-2.2.12-1.50.1
apache2-doc-2.2.12-1.50.1
apache2-example-pages-2.2.12-1.50.1
apache2-prefork-2.2.12-1.50.1
apache2-utils-2.2.12-1.50.1
apache2-worker-2.2.12-1.50.1
SUSE Linux Enterprise Software Development Kit 11 SP3
apache2-2.2.12-1.50.1
apache2-devel-2.2.12-1.50.1
apache2-doc-2.2.12-1.50.1
apache2-example-pages-2.2.12-1.50.1
apache2-prefork-2.2.12-1.50.1
apache2-utils-2.2.12-1.50.1
apache2-worker-2.2.12-1.50.1
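An added check, not part of the advisory: given the output of `rpm -q` for the apache2 packages on a SLES 11 SP3 host, decide whether each installed package is at or above the fixed version listed above. The version comparison implements the core of rpm's algorithm (numeric and alphabetic segments, numeric beats alphabetic, `~` sorts before anything) rather than calling rpm itself, so it runs anywhere; the sample `rpm -q` output is constructed, and the function names are this example's own.

```python
import re
from itertools import zip_longest

# Fixed package versions from SUSE-SU-2015:0689-1 (the list above).
FIXED = {
    "apache2": "2.2.12-1.50.1",
    "apache2-devel": "2.2.12-1.50.1",
    "apache2-doc": "2.2.12-1.50.1",
    "apache2-example-pages": "2.2.12-1.50.1",
    "apache2-prefork": "2.2.12-1.50.1",
    "apache2-utils": "2.2.12-1.50.1",
    "apache2-worker": "2.2.12-1.50.1",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm does:
    split into numeric / alphabetic segments, compare numerics as integers
    and alphabetics lexically, a numeric segment is newer than an alphabetic
    one, the longer string wins when all shared segments match, and '~'
    sorts before anything (including end of string). Returns -1, 0 or 1."""
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b), fillvalue=""):
        if x == y:
            continue
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        if not x or not y:
            return -1 if not x else 1
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            return (xi > yi) - (xi < yi)
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return 0


def compare_vr(installed, fixed):
    """Compare 'version-release' strings: version first, then release."""
    iv, ir = installed.split("-", 1)
    fv, fr = fixed.split("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def check_installed(rpm_q_output):
    """Parse `rpm -q <pkgs>` output (one name-version-release[.arch] per
    line, or 'package X is not installed') and return
    {name: (installed_version_release, is_fixed)} for packages in FIXED."""
    results = {}
    for line in rpm_q_output.splitlines():
        line = line.strip()
        if not line or line.startswith("package "):
            continue
        nvr = re.sub(r"\.(x86_64|i586|i686|noarch|ppc64|s390x)$", "", line)
        name, version, release = nvr.rsplit("-", 2)
        fixed = FIXED.get(name)
        if fixed is None:
            continue
        installed = version + "-" + release
        results[name] = (installed, compare_vr(installed, fixed) >= 0)
    return results


# Constructed sample output; not taken from a real host.
SAMPLE_RPM_Q = """\
apache2-2.2.12-1.46.1.x86_64
apache2-prefork-2.2.12-1.50.1.x86_64
apache2-utils-2.2.12-1.52.3.x86_64
package apache2-worker is not installed
"""

if __name__ == "__main__":
    for name, (installed, ok) in sorted(check_installed(SAMPLE_RPM_Q).items()):
        print("%-24s %-16s %s" % (name, installed, "fixed" if ok else "VULNERABLE"))
```

On a real host feed it `rpm -q apache2 apache2-prefork apache2-worker apache2-utils apache2-doc apache2-example-pages apache2-devel` output; a release newer than 1.50.1 (later SUSE updates) still counts as fixed because the comparison is "at or above", not equality. Epochs are not handled, which is fine for these packages.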

Description

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1

Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
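An added example (constructed for this page, not httpd's code) of the defect and its fix: a logger that writes request data verbatim, the same logger with the field escaped in the manner of httpd's ap_escape_logitem (an approximation written here, not the real function), and an audit helper that finds terminal escape sequences already present in a log. The sample path, the log line format and the function names are this example's own.

```python
import re

# Constructed request path as an attacker might send it (already URL-decoded,
# which is the form mod_rewrite logs). It carries an OSC title-set sequence
# and a CSI clear-screen sequence.
MALICIOUS_PATH = "/index.html\x1b]0;pwned\x07\x1b[2J"


def log_unsafe(item):
    """The vulnerable pattern: request data goes into the log verbatim, so a
    terminal that later displays the line (cat, tail -f, less -r) interprets
    the escape sequence."""
    return "rewrite: %s\n" % item


_C_ESCAPES = {"\b": "\\b", "\n": "\\n", "\r": "\\r", "\t": "\\t", "\v": "\\v",
              "\\": "\\\\", '"': '\\"'}


def escape_logitem(item):
    """Escape a log field in the manner of httpd's ap_escape_logitem
    (approximation for this example): C-style escapes for the usual control
    characters, backslash and double quote; \\xHH for every other byte outside
    printable ASCII, so ESC (0x1b) and BEL (0x07) never reach the file raw."""
    out = []
    for ch in item:
        if ch in _C_ESCAPES:
            out.append(_C_ESCAPES[ch])
        elif " " <= ch <= "~":
            out.append(ch)
        else:
            out.extend("\\x%02x" % b for b in ch.encode("utf-8"))
    return "".join(out)


def log_safe(item):
    """The hardened pattern: escape before writing."""
    return "rewrite: %s\n" % escape_logitem(item)


# CSI sequences (ESC [ ... final byte) and OSC sequences (ESC ] ... BEL or ESC \).
_ESC_SEQ = re.compile(r"\x1b(?:\[[0-?]*[ -/]*[@-~]|\][^\x07\x1b]*(?:\x07|\x1b\\))")


def find_escape_sequences(log_text):
    """Audit helper: (line_number, sequence) for each terminal escape sequence
    in existing log text, e.g. logs written before the fix was applied."""
    return [(n, m.group(0))
            for n, line in enumerate(log_text.splitlines(), 1)
            for m in _ESC_SEQ.finditer(line)]


if __name__ == "__main__":
    print(repr(log_unsafe(MALICIOUS_PATH)))
    print(repr(log_safe(MALICIOUS_PATH)))
    print(find_escape_sequences(log_unsafe(MALICIOUS_PATH)))
```

The exposure is on the administrator's side: the escape sequences do nothing on the server, they fire when someone views the log in a terminal emulator. Escaping at write time removes that, and the audit helper tells you whether pre-fix logs already contain such sequences before you open them with a pager that passes raw control characters through.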


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1

Description

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1

Description

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
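An added example (constructed for this page, not httpd code) of the bypass mechanism: `RequestHeader unset` runs on the header block, the chunked body is read afterwards, and a header repeated in the trailer reappears if trailer fields are merged into the request headers, as httpd 2.2.22 did. The `merge_trailers=False` branch keeps trailer fields apart, which is how later httpd releases behave by default (merging became opt-in through the MergeTrailers directive). The request, the `X-Real-IP` header name, the `example.test` host and the helper names are invented for the demo.

```python
def parse_header_block(block):
    """'Name: value' lines -> dict with lower-cased names (case-insensitive)."""
    headers = {}
    for line in block.split("\r\n"):
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return headers


def request_header_unset(headers, names):
    """Model of `RequestHeader unset <name>`: it only ever sees the header block."""
    drop = {n.lower() for n in names}
    return {k: v for k, v in headers.items() if k not in drop}


def decode_chunked(body):
    """Decode a chunked transfer-coding body.
    Returns (payload_bytes, trailer_headers)."""
    payload, pos = bytearray(), 0
    while True:
        end = body.index(b"\r\n", pos)
        size = int(body[pos:end].split(b";")[0], 16)   # ignore chunk extensions
        pos = end + 2
        if size == 0:
            break
        payload += body[pos:pos + size]
        pos += size + 2                                 # chunk data plus its CRLF
    trailer_block = body[pos:].partition(b"\r\n\r\n")[0]
    return bytes(payload), parse_header_block(trailer_block.decode("latin-1"))


def process_request(raw, unset=("X-Real-IP",), merge_trailers=True):
    """Filter the header block, then read the body. With merge_trailers=True
    (httpd 2.2.22 behaviour) trailer fields are folded into the request headers
    after the filter has already run, so an unset name comes back through the
    trailer. With merge_trailers=False they stay in a separate dict that the
    application must opt into reading."""
    head, _, body = raw.partition(b"\r\n\r\n")
    _request_line, _, header_block = head.decode("latin-1").partition("\r\n")
    headers = request_header_unset(parse_header_block(header_block), unset)
    payload, trailers = decode_chunked(body)
    if merge_trailers:
        headers.update(trailers)
    return headers, trailers, payload


# Constructed request: X-Real-IP appears in the header block (removed by the
# filter) and again in the chunked trailer.
SAMPLE_REQUEST = (
    b"POST /app HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"X-Real-IP: 198.51.100.7\r\n"
    b"\r\n"
    b"5\r\nhello\r\n"
    b"0\r\n"
    b"X-Real-IP: 127.0.0.1\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for merge in (True, False):
        headers, trailers, payload = process_request(SAMPLE_REQUEST, merge_trailers=merge)
        print("merge_trailers=%s -> headers=%s trailers=%s" % (merge, headers, trailers))
```

The practical lesson is the ordering: any control that operates on request headers before the body is consumed cannot see trailer fields, so trailers must either be discarded or kept separate from the headers the application trusts.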


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1

Description

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1

Description

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1

Description

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1

Description

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1

Description

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.12-1.50.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.12-1.50.1
