Описание
Security update for apache2
This update for apache2 fixes the following issues:
- Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830)
- Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561)
Following security issue has been fixed:
- CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058)
Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added:
- CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061)
- CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062)
- CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065)
- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060)
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Studio Onsite 1.3
Ссылки
- Link for SUSE-SU-2017:2907-1
- E-Mail link for SUSE-SU-2017:2907-1
- SUSE Security Ratings
- SUSE Bug 1045060
- SUSE Bug 1045061
- SUSE Bug 1045062
- SUSE Bug 1045065
- SUSE Bug 1052830
- SUSE Bug 1058058
- SUSE Bug 1064561
- SUSE CVE CVE-2009-2699 page
- SUSE CVE CVE-2010-0425 page
- SUSE CVE CVE-2012-0021 page
- SUSE CVE CVE-2014-0118 page
- SUSE CVE CVE-2017-3167 page
- SUSE CVE CVE-2017-3169 page
- SUSE CVE CVE-2017-7668 page
- SUSE CVE CVE-2017-7679 page
- SUSE CVE CVE-2017-9798 page
Описание
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
Затронутые продукты
Ссылки
- CVE-2009-2699
- SUSE Bug 1078450
Описание
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Затронутые продукты
Ссылки
- CVE-2010-0425
- SUSE Bug 1078450
- SUSE Bug 586572
- SUSE Bug 601151
Описание
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
Затронутые продукты
Ссылки
- CVE-2012-0021
- SUSE Bug 1078450
- SUSE Bug 743744
Описание
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
Затронутые продукты
Ссылки
- CVE-2014-0118
- SUSE Bug 1078450
- SUSE Bug 887769
Описание
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Затронутые продукты
Ссылки
- CVE-2017-3167
- SUSE Bug 1045065
- SUSE Bug 1078450
Описание
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
Затронутые продукты
Ссылки
- CVE-2017-3169
- SUSE Bug 1045062
- SUSE Bug 1078450
Описание
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
Затронутые продукты
Ссылки
- CVE-2017-7668
- SUSE Bug 1045061
- SUSE Bug 1078450
Описание
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
Затронутые продукты
Ссылки
- CVE-2017-7679
- SUSE Bug 1045060
- SUSE Bug 1057861
- SUSE Bug 1078450
Описание
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Затронутые продукты
Ссылки
- CVE-2017-9798
- SUSE Bug 1058058
- SUSE Bug 1060757
- SUSE Bug 1077582
- SUSE Bug 1078450
- SUSE Bug 1089997