-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE           : apache
SUMMARY           : Several vulnerabilities in apache, mod_ssl and mod_dav
DATE              : 2004-09-23 12:10:00
ID                : CLA-2004:868
RELEVANT RELEASES : 9, 10

- -------------------------------------------------------------------------

DESCRIPTION
 Apache[1] is the most popular webserver in use today.

 This announcement fixes the following issues with apache, mod_ssl and
 mod_dav:

 1. Denial of service in ap_get_mime_headers_core() function
 (CAN-2004-0493[2])
 The ap_get_mime_headers_core() function in Apache httpd 2.0.49 allows
 remote attackers to cause a denial of service (memory exhaustion).

 2. Buffer overflow in .htaccess files handler (CAN-2004-0747[3])
 Buffer overflow in Apache 2.0.50 and earlier allows local attackers
 to gain apache privileges via a .htaccess file that causes the buffer
 overflow during expansion of environment variables.

 3. Denial of service in mod_ssl (CAN-2004-0748[4])
 mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause
 a denial of service (CPU consumption) by aborting an SSL connection
 in a way that causes an Apache child process to enter an infinite
 loop.

 4. Denial of service in char_buffer_read() function in mod_ssl
 (CAN-2004-0751[5])
 The char_buffer_read function in the mod_ssl module for Apache 2.x,
 when using reverse proxying to an SSL server, allows remote attackers
 to cause a denial of service (segmentation fault).

 5. Denial of service in IPv6 URI parsing routines (CAN-2004-0786[6])
 The IPv6 URI parsing routines in the apr-util library for Apache
 2.0.50 and earlier allow remote attackers to cause a denial of
 service (child process crash) via a certain URI, as demonstrated
 using the Codenomicon HTTP Test Tool.

 6. Denial of service in mod_dav (CAN-2004-0809[7])
 The mod_dav module in Apache 2.0.50 and earlier allows remote
 attackers to cause a denial of service (child process crash) via a
 certain sequence of LOCK requests for a location that allows WebDAV
 authoring access.

SOLUTION
 It is recommended that all Apache users upgrade their packages.

 IMPORTANT: it is necessary to manually restart the httpd server after
 upgrading the packages. In order to do this, execute the following as
 root:

 # service httpd stop
 (wait a few seconds and check with "pidof httpd" if there are any
 httpd processes running. On a busy webserver this could take a little
 longer)
 # service httpd start

REFERENCES
 1.http://apache.httpd.org/
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747
 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748
 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751
 6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786
 7.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/apache-2.0.49-61251U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-devel-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-doc-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-htpasswd-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-static-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr0-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_auth_ldap-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_dav-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_8cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_8cl.i386.rpm

ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
unsubscribe: conectiva-updates-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBUvgE42jd0JmAcZARAkA4AJ0ShRbvPefsmV3XGKOeeEASRs5JngCdG09c
GVaMt5qxT7qmkbmaZw5KRfs=
=yvTe
-----END PGP SIGNATURE-----
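
The restart step from the SOLUTION section, as an added example that is not part of Conectiva's advisory: a shell function that stops httpd, polls "pidof httpd" until no pre-upgrade process remains, and only then starts the server again. The WAIT_SECS and POLL_SECS tunables and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Conectiva advisory): restart httpd after the
# upgrade, starting it again only once no old httpd process remains.
# WAIT_SECS and POLL_SECS are assumed tunables, not values from the advisory.
WAIT_SECS=${WAIT_SECS:-60}
POLL_SECS=${POLL_SECS:-2}

# Succeeds while at least one httpd process is still running.
httpd_running() {
    pidof httpd >/dev/null 2>&1
}

# Stop httpd, poll "pidof httpd" until it reports nothing, then start.
# Returns 0 on a clean restart, 1 if the start fails, 2 if old children
# (still running the pre-upgrade code) outlive the timeout.
restart_httpd() {
    waited=0
    service httpd stop || echo "warning: 'service httpd stop' failed" >&2
    while httpd_running; do
        if [ "$waited" -ge "$WAIT_SECS" ]; then
            echo "httpd still running after ${WAIT_SECS}s: $(pidof httpd)" >&2
            echo "not starting; investigate the remaining processes" >&2
            return 2
        fi
        sleep "$POLL_SECS"
        waited=$((waited + POLL_SECS))
    done
    service httpd start || return 1
    # Confirm the freshly started server is actually up.
    httpd_running || return 1
    return 0
}

# Run only when invoked as root with: sh restart-httpd.sh --run
if [ "${1:-}" = "--run" ]; then
    restart_httpd
    exit $?
fi
```

A return code of 2 means children from before the upgrade are still alive, so the vulnerable code is still loaded and the server was deliberately left stopped.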