Uočen je sigurnosni propust paketa Apache kojeg udaljeni napadač može iskoristiti za izvođenje DoS napada.
| Paket: | Apache 2.x |
| Operacijski sustavi: | Mandriva Linux 2010.1, Mandriva Linux Enterprise Server 5.0 |
| Kritičnost: | 3.2 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-3348 |
| Izvorni ID preporuke: | MDVSA-2011:168 |
| Izvor: | Mandriva |
| Problem: | |
| Propust se javlja u dodatku "mod_proxy_ajp" ukoliko se koristi "mod_proxy_balancer". |
|
| Posljedica: | |
| Udaljeni napadač može iskoristiti propust slanjem posebno oblikovanog HTTP zahtjeva koji uzrokuje DoS (eng. Denial of Service) napad. |
|
| Rješenje: | |
| Preporuča se primjena nadogradnje. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:168
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : November 9, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in apache:
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21,
when used with mod_proxy_balancer in certain configurations, allows
remote attackers to cause a denial of service (temporary error state
in the backend server) via a malformed HTTP request (CVE-2011-3348).
The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory
introduced regressions in the way httpd handled certain Range HTTP
header values.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
https://issues.apache.org/bugzilla/show_bug.cgi?id=51878
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
efa3019014628e3c480750c1f2004a7c 2010.1/i586/apache-base-2.2.15-3.5mdv2010.2.i586.rpm
3087616095041b2a0ec35a4f07b0db39 2010.1/i586/apache-devel-2.2.15-3.5mdv2010.2.i586.rpm
f64f79810c740c6ea48a62b6efaa2e57 2010.1/i586/apache-htcacheclean-2.2.15-3.5mdv2010.2.i586.rpm
54193e742de9f3c09033686110dbcf12 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.5mdv2010.2.i586.rpm
5190c0b547fdabd83f11f2c0b3c4c59c 2010.1/i586/apache-mod_cache-2.2.15-3.5mdv2010.2.i586.rpm
797c23a6d7bd773b56f12ef80e598bd3 2010.1/i586/apache-mod_dav-2.2.15-3.5mdv2010.2.i586.rpm
2489ede1721764643b2942292de4e43a 2010.1/i586/apache-mod_dbd-2.2.15-3.5mdv2010.2.i586.rpm
32132cdd5a453e1d35b34ad86756469b 2010.1/i586/apache-mod_deflate-2.2.15-3.5mdv2010.2.i586.rpm
bb94bf4569a6979b23bbf29e51172deb 2010.1/i586/apache-mod_disk_cache-2.2.15-3.5mdv2010.2.i586.rpm
c0465fd2bf450d8229c92ebd7b96e796 2010.1/i586/apache-mod_file_cache-2.2.15-3.5mdv2010.2.i586.rpm
8fe0536c0567db805b18eee9b6fbae4c 2010.1/i586/apache-mod_ldap-2.2.15-3.5mdv2010.2.i586.rpm
f9f7679d70d4c06573737e401c9efa56 2010.1/i586/apache-mod_mem_cache-2.2.15-3.5mdv2010.2.i586.rpm
bb61c23cadc265c1182e4d08beaf6834 2010.1/i586/apache-mod_proxy-2.2.15-3.5mdv2010.2.i586.rpm
724885ee3820d7b0ae7c20a188fb8c54 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.5mdv2010.2.i586.rpm
2582960ff8ed44b516dba77a8ca3f79e 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.5mdv2010.2.i586.rpm
54829077b157f55baa47bcb05769c039 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.5mdv2010.2.i586.rpm
2e977bb1f6a182a2c70912167265ce50 2010.1/i586/apache-mod_ssl-2.2.15-3.5mdv2010.2.i586.rpm
a5bf2b114ee2d72336adce28811c3037 2010.1/i586/apache-modules-2.2.15-3.5mdv2010.2.i586.rpm
83b2206a476ef960dd2267e42b2121af 2010.1/i586/apache-mod_userdir-2.2.15-3.5mdv2010.2.i586.rpm
e5c81b0d5dee76dfe644188c719208fd 2010.1/i586/apache-mpm-event-2.2.15-3.5mdv2010.2.i586.rpm
1f565927f0329db6a6dcbfc146862d7d 2010.1/i586/apache-mpm-itk-2.2.15-3.5mdv2010.2.i586.rpm
9fe74c5aa75109bd04e60278d3ce4f27 2010.1/i586/apache-mpm-peruser-2.2.15-3.5mdv2010.2.i586.rpm
3a253e811772ae2eeed3ed028bb05dec 2010.1/i586/apache-mpm-prefork-2.2.15-3.5mdv2010.2.i586.rpm
ada4b77b392aa8a5b6c283d1d3394f19 2010.1/i586/apache-mpm-worker-2.2.15-3.5mdv2010.2.i586.rpm
f777f009148573676e3bda6fa9d3472a 2010.1/i586/apache-source-2.2.15-3.5mdv2010.2.i586.rpm
30b49a94b9485639515c5323a58a87b2 2010.1/SRPMS/apache-2.2.15-3.5mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
904ac3e39e1544ac03201c638f272461 2010.1/x86_64/apache-base-2.2.15-3.5mdv2010.2.x86_64.rpm
48164409c194bc836764f105d332b9b2 2010.1/x86_64/apache-devel-2.2.15-3.5mdv2010.2.x86_64.rpm
7f9ba9d3b24e352fd9c6dbb770d1c0e2 2010.1/x86_64/apache-htcacheclean-2.2.15-3.5mdv2010.2.x86_64.rpm
bfc5629f34ceec77cc9f63cbacedec8b 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.5mdv2010.2.x86_64.rpm
e4f47be08c6bf1e1e12f8f8263014238 2010.1/x86_64/apache-mod_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
01f8ba996efc43df6e94cf3ba7b960ee 2010.1/x86_64/apache-mod_dav-2.2.15-3.5mdv2010.2.x86_64.rpm
07b4081d62a107a075f1b2e13a505496 2010.1/x86_64/apache-mod_dbd-2.2.15-3.5mdv2010.2.x86_64.rpm
42dc96e272815486f57db1fc5b5006c3 2010.1/x86_64/apache-mod_deflate-2.2.15-3.5mdv2010.2.x86_64.rpm
5ab4bcddcd345aee9938a53f8c66f652 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
8bc139a4c4ce0381292885d35e0dc9a8 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
d7add6101b8b2393c9e16bbe4570e474 2010.1/x86_64/apache-mod_ldap-2.2.15-3.5mdv2010.2.x86_64.rpm
4276d115ba3061e90c55b3614fc094e9 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.5mdv2010.2.x86_64.rpm
f12d0cfb139cfe7b46b2a6d6d0dbea74 2010.1/x86_64/apache-mod_proxy-2.2.15-3.5mdv2010.2.x86_64.rpm
527aa8011d33407b6e7419f51b1ba1f4 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.5mdv2010.2.x86_64.rpm
4b4fbeb9ae7243582d7a6d0f702c2f22 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.5mdv2010.2.x86_64.rpm
fc812b63a2078aa8ee8cd6bbee447589 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.5mdv2010.2.x86_64.rpm
5b13aaae983d8d37ade193afe05f97d0 2010.1/x86_64/apache-mod_ssl-2.2.15-3.5mdv2010.2.x86_64.rpm
c00c4fd9fd7bb6179f96e65567c6197d 2010.1/x86_64/apache-modules-2.2.15-3.5mdv2010.2.x86_64.rpm
0280efe603339cea73a9989d1e216d2e 2010.1/x86_64/apache-mod_userdir-2.2.15-3.5mdv2010.2.x86_64.rpm
53d1ba40692126ce9d98110e754bdece 2010.1/x86_64/apache-mpm-event-2.2.15-3.5mdv2010.2.x86_64.rpm
74caa9e8aee48eb0506d91acd2c8075e 2010.1/x86_64/apache-mpm-itk-2.2.15-3.5mdv2010.2.x86_64.rpm
73e3ada13fe3df988d00ae0a7c31a8e4 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.5mdv2010.2.x86_64.rpm
81ab4347551eb3c860b01985e614e309 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.5mdv2010.2.x86_64.rpm
16164f1d9cbaf6e4d80874ef53a8b6fa 2010.1/x86_64/apache-mpm-worker-2.2.15-3.5mdv2010.2.x86_64.rpm
990b96231afbdc851ff03ccbb0e1203d 2010.1/x86_64/apache-source-2.2.15-3.5mdv2010.2.x86_64.rpm
30b49a94b9485639515c5323a58a87b2 2010.1/SRPMS/apache-2.2.15-3.5mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
000a1b64448acad341d2bead5a7b2b40 mes5/i586/apache-base-2.2.9-12.14mdvmes5.2.i586.rpm
4c904a9851b0a6b54c936952e21d4f9a mes5/i586/apache-devel-2.2.9-12.14mdvmes5.2.i586.rpm
f8772da8100473cdb73c580764a052ff mes5/i586/apache-htcacheclean-2.2.9-12.14mdvmes5.2.i586.rpm
df5ff9f23abbf7bfdfe3290dd229fa3c mes5/i586/apache-mod_authn_dbd-2.2.9-12.14mdvmes5.2.i586.rpm
495e3856b6a6c6deed0879a74ff96e91 mes5/i586/apache-mod_cache-2.2.9-12.14mdvmes5.2.i586.rpm
19bf954e5808bb55904eb15e0da83eaa mes5/i586/apache-mod_dav-2.2.9-12.14mdvmes5.2.i586.rpm
69b7ed150f649056ca9ed5c8dbb69ab9 mes5/i586/apache-mod_dbd-2.2.9-12.14mdvmes5.2.i586.rpm
e0ef096233b8ab089944bd97a636d984 mes5/i586/apache-mod_deflate-2.2.9-12.14mdvmes5.2.i586.rpm
ba8efbb0753f0c4b9e0542714c0dc38d mes5/i586/apache-mod_disk_cache-2.2.9-12.14mdvmes5.2.i586.rpm
778ee556b1cccf580aafe55104718ced mes5/i586/apache-mod_file_cache-2.2.9-12.14mdvmes5.2.i586.rpm
7e779a0c3ab9bf94a0f07a37b5a1ad76 mes5/i586/apache-mod_ldap-2.2.9-12.14mdvmes5.2.i586.rpm
f1a30b1609adfd75a1d1aa81145cc2b1 mes5/i586/apache-mod_mem_cache-2.2.9-12.14mdvmes5.2.i586.rpm
fe9fcfd8ca9b7129de9535aee2917f3f mes5/i586/apache-mod_proxy-2.2.9-12.14mdvmes5.2.i586.rpm
95943de5218e180dcdc4088e5757f6db mes5/i586/apache-mod_proxy_ajp-2.2.9-12.14mdvmes5.2.i586.rpm
318c98c15a80c6f54b5eafcb0f35c3dd mes5/i586/apache-mod_ssl-2.2.9-12.14mdvmes5.2.i586.rpm
a4d215acc80c76d8fa7296a1a9e71e66 mes5/i586/apache-modules-2.2.9-12.14mdvmes5.2.i586.rpm
6dd522fae06c5b507125966862f3baeb mes5/i586/apache-mod_userdir-2.2.9-12.14mdvmes5.2.i586.rpm
f142012531d29a89eb26bdf94fed9e77 mes5/i586/apache-mpm-event-2.2.9-12.14mdvmes5.2.i586.rpm
12f441381a02a93615f570de2984296d mes5/i586/apache-mpm-itk-2.2.9-12.14mdvmes5.2.i586.rpm
e6fe55d8db2ea5fb88ea1b39f76b0bdb mes5/i586/apache-mpm-peruser-2.2.9-12.14mdvmes5.2.i586.rpm
74ba90b3e16d7dc1bf44f28e83666086 mes5/i586/apache-mpm-prefork-2.2.9-12.14mdvmes5.2.i586.rpm
89059e7700f61272a5a1bed0a5aa9854 mes5/i586/apache-mpm-worker-2.2.9-12.14mdvmes5.2.i586.rpm
dceffe55d15d99932e04cf2b1f8f12c3 mes5/i586/apache-source-2.2.9-12.14mdvmes5.2.i586.rpm
1803c43f9aaa75ba96abb9b82b3f9cfd mes5/SRPMS/apache-2.2.9-12.14mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
050aa909a942ddf054f913066552fbcc mes5/x86_64/apache-base-2.2.9-12.14mdvmes5.2.x86_64.rpm
2d9fa3f4003f8577fc372493a216ff4a mes5/x86_64/apache-devel-2.2.9-12.14mdvmes5.2.x86_64.rpm
68305995effc2bd9a1cc6c234da9ce88 mes5/x86_64/apache-htcacheclean-2.2.9-12.14mdvmes5.2.x86_64.rpm
895e327ff7b75ba1489904c7f50c9219 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.14mdvmes5.2.x86_64.rpm
92f1a4e37e02079b707844c119f396cf mes5/x86_64/apache-mod_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
61c1d304dd3fc85717d1fdc74c62402a mes5/x86_64/apache-mod_dav-2.2.9-12.14mdvmes5.2.x86_64.rpm
b4f161ec2d9745ea40e6be83ec670ad4 mes5/x86_64/apache-mod_dbd-2.2.9-12.14mdvmes5.2.x86_64.rpm
b3dd2d1cd1d3a4236c022254e7f5dae5 mes5/x86_64/apache-mod_deflate-2.2.9-12.14mdvmes5.2.x86_64.rpm
6992b43e842ff1a77132c1667204a1f1 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
68885f5adf906884bfede7be9b98c0de mes5/x86_64/apache-mod_file_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
38152f4ed136292e725f0cac2a836a23 mes5/x86_64/apache-mod_ldap-2.2.9-12.14mdvmes5.2.x86_64.rpm
d4e4ab43908f41d33106e069e85e19f0 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.14mdvmes5.2.x86_64.rpm
4c54f275dd6dc1f4ef56c0fa26f1f262 mes5/x86_64/apache-mod_proxy-2.2.9-12.14mdvmes5.2.x86_64.rpm
ab35ab1aedb6b0fe30143af8ebb1c51b mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.14mdvmes5.2.x86_64.rpm
86d6ca8156a2ec224dd2c8f064bfa685 mes5/x86_64/apache-mod_ssl-2.2.9-12.14mdvmes5.2.x86_64.rpm
f0771cbbcad7bbbbb230ba17b49a00ec mes5/x86_64/apache-modules-2.2.9-12.14mdvmes5.2.x86_64.rpm
9d6ed0960614673c4085a2d9a90876b9 mes5/x86_64/apache-mod_userdir-2.2.9-12.14mdvmes5.2.x86_64.rpm
2dfc496e8aea977d133823ccbb72f754 mes5/x86_64/apache-mpm-event-2.2.9-12.14mdvmes5.2.x86_64.rpm
f1a306cc23d666161058585337e598e6 mes5/x86_64/apache-mpm-itk-2.2.9-12.14mdvmes5.2.x86_64.rpm
ede25d1a607e03b8e65b3ecb46fd7b2b mes5/x86_64/apache-mpm-peruser-2.2.9-12.14mdvmes5.2.x86_64.rpm
67c5a299b3ed4c15341a54cbbc06a2bc mes5/x86_64/apache-mpm-prefork-2.2.9-12.14mdvmes5.2.x86_64.rpm
abd16d61836ee16d267d3cf29c68bdbf mes5/x86_64/apache-mpm-worker-2.2.9-12.14mdvmes5.2.x86_64.rpm
07dcbb776ca1b4261aa945b9daed5c3c mes5/x86_64/apache-source-2.2.9-12.14mdvmes5.2.x86_64.rpm
1803c43f9aaa75ba96abb9b82b3f9cfd mes5/SRPMS/apache-2.2.9-12.14mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOuoyXmqjQ0CJFipgRAnR9AKCyVUZGycLkHzYaojJWEYZEDJHEFgCfU3oa
SBbMFvjmZIC1PWkEhcd2oiU=
=HxW0
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke