Uočen je sigurnosni nedostatak u radu programskog paketa Apache HTTP Server. Nedostatak mogu iskoristiti udaljeni zlonamjerni korisnici kako bi izveli DoS napad.
| Paket: | Apache 2.x |
| Operacijski sustavi: | Mandriva Linux 2011 |
| Kritičnost: | 7 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-3192 |
| Izvorni ID preporuke: | MDVSA-2011:130 |
| Izvor: | Mandriva |
| Problem: | |
| Nedostatak je posljedica pogreške u ByteRange filtru pri obradi zlonamjerno oblikovanih zahtjeva. |
|
| Posljedica: | |
| Udaljeni napadač može iskoristiti nedostatak pomoću posebno oblikovanog Range zaglavlja. Napad rezultira rušenjem aplikacije (DoS napad). |
|
| Rješenje: | |
| Svim korisnicima se savjetuje primjena dostupne nadogradnje. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:130-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : September 17, 2011
Affected: 2011.
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in apache:
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through
2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a
denial of service (memory and CPU consumption) via a Range header
that expresses multiple overlapping ranges, as exploited in the
wild in August 2011, a different vulnerability than CVE-2007-0086
(CVE-2011-3192).
The updated packages have been patched to correct this issue.
Update:
Packages for Mandriva Linux 2011 is now being provided as well. Enjoy!
* apache has been upgraded to the latest version (2.2.21) for 2011
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2011:
5c4825e4c63b4a06c68a5fd81517de71
2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm
b5a00191b27804f9735643cdcd704b19
2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm
49defd7efbb4a37ec49c01c7ef9c64aa
2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm
a023e40689777630df036eae1a84a475
2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm
f03744bb74a3e0872cb08465799c3ee1
2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm
bb9efa66089deef66f9434b813d41a95
2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm
bb334eb7fe43927ba7c6c9196b4e1fd1
2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm
086b5ed82c064b16964fff70bf9c841e
2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm
115008b2471e10ea01689dafe5c46bcd
2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm
6b686ec6612ff8740d1e482faa06c544
2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm
8c8f14074bc0dbbeb2b3890611f95c6b
2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm
b03569edc20c9393e0b5eea09f590368
2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm
343703d3822a6757e000edeebe7e0a06
2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm
3457011403525d40e525716c4da8e477
2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm
3d060145b3665ca4c0b309f812af9370
2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm
a0e00b0610eb5a8c5c57afabeafc07f8
2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm
dd4bb38bbc2997ca398fb37225eca371
2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm
2966cdfddf02fa32447711af6a3046dd
2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm
48774d9c282dc476f35a0c8b2e821a7f
2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm
7b832f85bd258abf0c7abb161f4028b4
2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm
1c6b93eaa5b27477989bf82ea9a63685
2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm
1e7dc0ee3fafae8a786be0cc164ebe4a
2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm
ab2d074f2dfe57a64b022d4e6b8254ab
2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm
a22debf09366b64e236965a4091009e9
2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm
174aed4327491b83f147f3b4e76bcd1f
2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm
e141881c27496e7e74ad7f3f566a1bd2
2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm
97893069a3d6eb73e3773bc0ee78c9a4
2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm
fe530e2da15b3e0bf14c617824ff82c9
2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm
4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm
b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm
d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm
0b4a145fd5ff8c11a53956f750cdbd42
2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm
Mandriva Linux 2011/X86_64:
8837c56966896e10d3403956e7cf86ac
2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm
aec6da25319585e53623471734f99c57
2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm
e8600455214ad4f2303d9f36576e4952
2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm
90694f3211fca3d436ec4130b8bb43e2
2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm
fd3f6a51c8abf8b1ff8356489ba6d6e1
2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm
796c8129bbc160455587bc54c58c2220
2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm
61add54b6e0c8306dff065a150b262e2
2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
cb98169c29008c256662f3a08141bf95
2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm
5aa03ee54a7e40d41fd746fd1a223c72
2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm
386a956f014fe2d64dfe38fc261abd39
2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm
5a473bc45fa59323c4d526dd4f5a30d3
2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
aaa544f7a4912c161a2c73e222ae87d6
2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
f04054edc62a24ea9042c5b41074bd1d
2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm
1c97f63c1169f483d086a94b97f5c421
2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm
ca912c34fec5cf470947a7f87e9705a4
2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm
b5ae70a8ed412e40275b4de7b639caa0
2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm
6b11b032c13277712c336405ea23a8b0
2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm
874a420342f1ea9278e014b79fe5a337
2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm
2757b3d7c8261563e22c41d3f94aaa29
2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm
6edbc6963aab9beee507f9a3c8be38a2
2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm
fe6143eaa1acc0de751198ea19129279
2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm
3e66fa1e1e2cf243c1c6472243cb86fe
2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm
7d45bfd7d3aa87d45d2287fdd9507847
2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm
bce9e2cdffe45cbc4baf72f0d0c4000e
2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm
217bd96dfa802f7d049b6fd12600b154
2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm
cc304b9011d16d7f3cf5c8250e4d9f18
2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm
a8bb9b62c39f98a6df728d51a4fff39a
2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm
7d41c857be2574ac5f3ea7090a1f3c78
2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm
4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm
b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm
d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm
0b4a145fd5ff8c11a53956f750cdbd42
2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOdErbmqjQ0CJFipgRArO0AJ9MeU1I/ItvY699awHPqXD7TZZ46gCeP/Lc
OVJD0GobLzQ3q1XZS8WiqdY=
=O8Ag
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke