<<< Date Index >>>     <<< Thread Index >>>

[CLA-2004:868] Conectiva Security Announcement - apache



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : apache
SUMMARY   : Several vulnerabilities in apache, mod_ssl and mod_dav
DATE      : 2004-09-23 12:10:00
ID        : CLA-2004:868
RELEVANT
RELEASES  : 9, 10

- -------------------------------------------------------------------------

DESCRIPTION
 Apache[1] is the most popular webserver in use today.
 
 This announcement fixes the following issues with apache, mod_ssl and
 mod_dav:
 
 1. Denial of service in ap_get_mime_headers_core() function
 (CAN-2004-0493[2])
 
 The ap_get_mime_headers_core() function in Apache httpd 2.0.49 allows
 remote attackers to cause a denial of service (memory exhaustion).
 
 2. Buffer overflow in .htaccess files handler (CAN-2004-0747[3])
 
 Buffer overflow in Apache 2.0.50 and earlier allows local attackers
 to gain apache privileges via a .htaccess file that causes the buffer
 overflow during expansion of environment variables.
 
 3. Denial of service in mod_ssl (CAN-2004-0748[4])
 
 mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause
 a denial of service (CPU consumption) by aborting an SSL connection
 in a way that causes an Apache child process to enter an infinite
 loop.
 
 4. Denial of service in char_buffer_read() function in mod_ssl
 (CAN-2004-0751[5])
 
 The char_buffer_read function in the mod_ssl module for Apache 2.x,
 when using reverse proxying to an SSL server, allows remote attackers
 to cause a denial of service (segmentation fault).
 
 5. Denial of service in IPv6 URI parsing routines (CAN-2004-0786[6])
 
 The IPv6 URI parsing routines in the apr-util library for Apache
 2.0.50 and earlier allow remote attackers to cause a denial of
 service (child process crash) via a certain URI, as demonstrated
 using the Codenomicon HTTP Test Tool.
 
 6. Denial of service in mod_dav (CAN-2004-0809[7])
 
 The mod_dav module in Apache 2.0.50 and earlier allows remote
 attackers to cause a denial of service (child process crash) via a
 certain sequence of LOCK requests for a location that allows WebDAV
 authoring access.


SOLUTION
 It is recommended that all Apache users upgrade their packages.
 
 IMPORTANT: it is necessary to manually restart the httpd server after
 upgrading the packages. In order to do this, execute the following as
 root:
 
 # service httpd stop
 
 (wait a few seconds and check with "pidof httpd" if there are any
 httpd processes running. On a busy webserver this could take a little
 longer)
 
 # service httpd start
 
 
 REFERENCES
 1.http://apache.httpd.org/
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747
 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748
 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751
 6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786
 7.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/apache-2.0.49-61251U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-devel-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-doc-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-htpasswd-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-static-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr0-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_auth_ldap-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_dav-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_8cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_8cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
unsubscribe: conectiva-updates-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBUvgE42jd0JmAcZARAkA4AJ0ShRbvPefsmV3XGKOeeEASRs5JngCdG09c
GVaMt5qxT7qmkbmaZw5KRfs=
=yvTe
-----END PGP SIGNATURE-----