lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YbnyC-00058I-Bi@titan.mandriva.com>
Date: Sat, 28 Mar 2015 11:28:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:093 ] apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:093
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : apache
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated apache packages fix security vulnerabilities:
 
 Apache HTTPD before 2.4.9 was vulnerable to a denial of service in
 mod_dav when handling DAV_WRITE requests (CVE-2013-6438).
 
 Apache HTTPD before 2.4.9 was vulnerable to a denial of service when
 logging cookies (CVE-2014-0098).
 
 A race condition flaw, leading to heap-based buffer overflows,
 was found in the mod_status httpd module. A remote attacker able to
 access a status page served by mod_status on a server using a threaded
 Multi-Processing Module (MPM) could send a specially crafted request
 that would cause the httpd child process to crash or, possibly,
 allow the attacker to execute arbitrary code with the privileges of
 the apache user (CVE-2014-0226).
 
 A denial of service flaw was found in the mod_proxy httpd module. A
 remote attacker could send a specially crafted request to a server
 configured as a reverse proxy using a threaded Multi-Processing
 Modules (MPM) that would cause the httpd child process to crash
 (CVE-2014-0117).
 
 A denial of service flaw was found in the way httpd&#039;s mod_deflate
 module handled request body decompression (configured via the DEFLATE
 input filter). A remote attacker able to send a request whose body
 would be decompressed could use this flaw to consume an excessive
 amount of system memory and CPU on the target system (CVE-2014-0118).
 
 A denial of service flaw was found in the way httpd&#039;s mod_cgid module
 executed CGI scripts that did not read data from the standard input. A
 remote attacker could submit a specially crafted request that would
 cause the httpd child process to hang indefinitely (CVE-2014-0231).
 
 A NULL pointer dereference flaw was found in the way the mod_cache
 httpd module handled Content-Type headers. A malicious HTTP server
 could cause the httpd child process to crash when the Apache HTTP
 server was configured to proxy to a server with caching enabled
 (CVE-2014-3581).
 
 mod_lua.c in the mod_lua module in the Apache HTTP Server through
 2.4.10 does not support an httpd configuration in which the same
 Lua authorization provider is used with different arguments within
 different contexts, which allows remote attackers to bypass intended
 access restrictions in opportunistic circumstances by leveraging
 multiple Require directives, as demonstrated by a configuration that
 specifies authorization for one group to access a certain directory,
 and authorization for a second group to access a second directory
 (CVE-2014-8109).
 
 In the mod_lua module in the Apache HTTP Server through 2.4.10, a
 maliciously crafted websockets PING after a script calls r:wsupgrade()
 can cause a child process crash (CVE-2015-0228).
 
 A flaw was found in the way httpd handled HTTP Trailer headers when
 processing requests using chunked encoding. A malicious client could
 use Trailer headers to set additional HTTP headers after header
 processing was performed by other modules. This could, for example,
 lead to a bypass of header restrictions defined with mod_headers
 (CVE-2013-5704).
 
 Note: With this update, httpd has been modified to not merge HTTP
 Trailer headers with other HTTP request headers. A newly introduced
 configuration directive MergeTrailers can be used to re-enable the
 old method of processing Trailer headers, which also re-introduces
 the aforementioned flaw.
 
 This update also fixes the following bug:
 
 Prior to this update, the mod_proxy_wstunnel module failed to set
 up an SSL connection when configured to use a back end server using
 the wss: URL scheme, causing proxied connections to fail. In these
 updated packages, SSL is used when proxying to wss: back end servers
 (rhbz#1141950).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5704
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
 http://advisories.mageia.org/MGASA-2014-0135.html
 http://advisories.mageia.org/MGASA-2014-0305.html
 http://advisories.mageia.org/MGASA-2014-0527.html
 http://advisories.mageia.org/MGASA-2015-0011.html
 http://advisories.mageia.org/MGASA-2015-0099.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 8c0fc93f8b18e8d40190ef9084f2d583  mbs2/x86_64/apache-2.4.12-1.mbs2.x86_64.rpm
 6c90dd9f12f65e54ff131b0f4f2d04ee  mbs2/x86_64/apache-devel-2.4.12-1.mbs2.x86_64.rpm
 8b58ae3f9e57e02ff94a70de04ec8f23  mbs2/x86_64/apache-doc-2.4.12-1.mbs2.noarch.rpm
 fefc0679674332198f1b42d5a0240351  mbs2/x86_64/apache-htcacheclean-2.4.12-1.mbs2.x86_64.rpm
 22c39f085c7f81ba4186040aa20a79b4  mbs2/x86_64/apache-mod_cache-2.4.12-1.mbs2.x86_64.rpm
 d57f8944df9e0443ee3da9bdc2cb78d1  mbs2/x86_64/apache-mod_dav-2.4.12-1.mbs2.x86_64.rpm
 7a0e6435e3aaa22e6453dca56c47abb3  mbs2/x86_64/apache-mod_dbd-2.4.12-1.mbs2.x86_64.rpm
 30c9610763c492d3c5526e5625128aa8  mbs2/x86_64/apache-mod_ldap-2.4.12-1.mbs2.x86_64.rpm
 cdba1369c7b8dd017cf9790076bf0e15  mbs2/x86_64/apache-mod_proxy-2.4.12-1.mbs2.x86_64.rpm
 4c4e73ac608bf820a87f27d00148f265  mbs2/x86_64/apache-mod_proxy_html-2.4.12-1.mbs2.x86_64.rpm
 3103f59239d49810b16207502f271b8a  mbs2/x86_64/apache-mod_session-2.4.12-1.mbs2.x86_64.rpm
 2ef0b90590b36ca85c7103ebd02ea64b  mbs2/x86_64/apache-mod_ssl-2.4.12-1.mbs2.x86_64.rpm
 2f2855321b6554e400ba5542da3027ea  mbs2/x86_64/apache-mod_suexec-2.4.12-1.mbs2.x86_64.rpm
 b312e7cd14788b86c7088cc19473515c  mbs2/x86_64/apache-mod_userdir-2.4.12-1.mbs2.x86_64.rpm 
 dee3a16d2c36fed2716a3ed17addc1e1  mbs2/SRPMS/apache-2.4.12-1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFnRImqjQ0CJFipgRAhbAAKDF22tbaWSxzaiqvhq0t6uM1bwWvgCfVNIJ
7XU6s8wMPlxQucpKSIVIKYI=
=4uS5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ