[CLA-2004:868] Conectiva Security Announcement - apache
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : apache
SUMMARY : Several vulnerabilities in apache, mod_ssl and mod_dav
DATE : 2004-09-23 12:10:00
ID : CLA-2004:868
RELEVANT
RELEASES : 9, 10
- -------------------------------------------------------------------------
DESCRIPTION
Apache[1] is the most popular webserver in use today.
This announcement fixes the following issues with apache, mod_ssl and
mod_dav:
1. Denial of service in ap_get_mime_headers_core() function
(CAN-2004-0493[2])
The ap_get_mime_headers_core() function in Apache httpd 2.0.49 allows
remote attackers to cause a denial of service (memory exhaustion).
2. Buffer overflow in .htaccess files handler (CAN-2004-0747[3])
Buffer overflow in Apache 2.0.50 and earlier allows local attackers
to gain apache privileges via a .htaccess file that causes the buffer
overflow during expansion of environment variables.
3. Denial of service in mod_ssl (CAN-2004-0748[4])
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause
a denial of service (CPU consumption) by aborting an SSL connection
in a way that causes an Apache child process to enter an infinite
loop.
4. Denial of service in char_buffer_read() function in mod_ssl
(CAN-2004-0751[5])
The char_buffer_read function in the mod_ssl module for Apache 2.x,
when using reverse proxying to an SSL server, allows remote attackers
to cause a denial of service (segmentation fault).
5. Denial of service in IPv6 URI parsing routines (CAN-2004-0786[6])
The IPv6 URI parsing routines in the apr-util library for Apache
2.0.50 and earlier allow remote attackers to cause a denial of
service (child process crash) via a certain URI, as demonstrated
using the Codenomicon HTTP Test Tool.
6. Denial of service in mod_dav (CAN-2004-0809[7])
The mod_dav module in Apache 2.0.50 and earlier allows remote
attackers to cause a denial of service (child process crash) via a
certain sequence of LOCK requests for a location that allows WebDAV
authoring access.
SOLUTION
It is recommended that all Apache users upgrade their packages.
IMPORTANT: it is necessary to manually restart the httpd server after
upgrading the packages. In order to do this, execute the following as
root:
# service httpd stop
(wait a few seconds and check with "pidof httpd" if there are any
httpd processes running. On a busy webserver this could take a little
longer)
# service httpd start
REFERENCES
1.http://apache.httpd.org/
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493
3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747
4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748
5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751
6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786
7.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/apache-2.0.49-61251U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-devel-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-doc-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-htpasswd-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-static-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr0-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_auth_ldap-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_dav-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_8cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_8cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
unsubscribe: conectiva-updates-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFBUvgE42jd0JmAcZARAkA4AJ0ShRbvPefsmV3XGKOeeEASRs5JngCdG09c
GVaMt5qxT7qmkbmaZw5KRfs=
=yvTe
-----END PGP SIGNATURE-----