U radu programskog paketa Apache uočene su nove sigurnosne ranjivosti. Udaljeni napadač ih može iskoristiti za DoS (eng. Denial of Service) napad.

   SUSE Security Update: Security update for Apache 2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1216-1
Rating:             important
References:         #555098 #627030 #661597 #663359 #690734 #713966 
                    
Cross-References:   CVE-2011-3192
Affected Products:
                    SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has 5 fixes is
   now available.

Description:


   This update fixes a remote denial of service bug (memory
   exhaustion) in the  Apache 2 HTTP server, that could be
   triggered by remote attackers using  multiple overlapping
   Request Ranges . (CVE-2011-3192)

   The fix introduces a new config option: Allow MaxRanges
   Number of ranges requested, if exceeded, the complete
   content is served. default: 200 0|unlimited: unlimited
   none: Range headers are ignored. (This option is a backport
   from 2.2.21.)

   It fixes also the minor security issue in the mod_cache
   modules in the  Apache HTTP Server that allowed remote
   attackers to cause a denial of  service (process crash) via
   a request that lacks a path. (CVE-2010-1452)

   It also fixes some non-security bugs: - take
   LimitRequestFieldsize config  option into account when
   parsing headers from backend. Thereby avoid that  the
   receiving buffers are too small. bnc#690734. - add / when
   on a  directory to feed correctly linked listings.
   bnc#661597 - a2enmod shalt not  disable a module in query
   mode. bnc#663359 - New option SSLRenegBufferSize  fixes
   "413 Request Entity Too Large occur" problem. - fixes
   graceful  restart hangs, bnc#555098.

   Security Issues:

   * CVE-2011-3192
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
   >

Indications:

   Please install this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64):

      apache2-2.2.3-16.25.40
      apache2-devel-2.2.3-16.25.40
      apache2-doc-2.2.3-16.25.40
      apache2-example-pages-2.2.3-16.25.40
      apache2-prefork-2.2.3-16.25.40
      apache2-worker-2.2.3-16.25.40


References:

   http://support.novell.com/security/cve/CVE-2011-3192.html
   https://bugzilla.novell.com/555098
   https://bugzilla.novell.com/627030
   https://bugzilla.novell.com/661597
   https://bugzilla.novell.com/663359
   https://bugzilla.novell.com/690734
   https://bugzilla.novell.com/713966
  
http://download.novell.com/patch/finder/?keywords=5e275ea53de9c9e1156fe626e80e6066

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.