Objavljena je nadogradnja programskog paketa httpd koja ispravlja nov sigurnosni propust. Riječ je o nedostatku koji zlonamjernim korisnicima omogućuje pokretanje napada uskraćivanja usluge.
Paket:
HTTPD 2.x
Operacijski sustavi:
CentOS
Kritičnost:
7
Problem:
pogreška u programskoj funkciji
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-3192
Izvorni ID preporuke:
CESA-2011:1245
Izvor:
CentOS
Problem:
Radi se o propustu koji se javlja zbog načina na koji Apache HTTP poslužitelj obrađuje Range HTTP zaglavlja.
Posljedica:
Udaljeni, zlonamjerni korisnici mogu iskoristiti ovaj propust za pokretanje napada uskraćivanja usluge.
Rješenje:
Svim se korisnicima savjetuje primjena objavljene nadogradnje kako bi uočen propust uklonili.
CentOS Errata and Security Advisory CESA-2011:1245
httpd security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2011-1245.html
The following updated file has been uploaded and is currently syncing to
the mirrors:
x86_64:
updates/x86_64/RPMS/httpd-2.0.52-48.ent.centos4.x86_64.rpm
updates/x86_64/RPMS/httpd-devel-2.0.52-48.ent.centos4.x86_64.rpm
updates/x86_64/RPMS/httpd-manual-2.0.52-48.ent.centos4.x86_64.rpm
updates/x86_64/RPMS/httpd-suexec-2.0.52-48.ent.centos4.x86_64.rpm
updates/x86_64/RPMS/mod_ssl-2.0.52-48.ent.centos4.x86_64.rpm
source:
updates/SRPMS/httpd-2.0.52-48.ent.centos4.src.rpm
You may update your CentOS-4 x86_64 installations by running the command:
yum update httpd\*
Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
CentOS Errata and Security Advisory CESA-2011:1245
httpd security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2011-1245.html
The following updated file has been uploaded and is currently syncing to
the mirrors:
i386:
updates/i386/RPMS/httpd-2.0.52-48.ent.centos4.i386.rpm
updates/i386/RPMS/httpd-devel-2.0.52-48.ent.centos4.i386.rpm
updates/i386/RPMS/httpd-manual-2.0.52-48.ent.centos4.i386.rpm
updates/i386/RPMS/httpd-suexec-2.0.52-48.ent.centos4.i386.rpm
updates/i386/RPMS/mod_ssl-2.0.52-48.ent.centos4.i386.rpm
source:
updates/SRPMS/httpd-2.0.52-48.ent.centos4.src.rpm
You may update your CentOS-4 i386 installations by running the command:
yum update httpd*
Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
Posljednje sigurnosne preporuke