LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openSUSE alert openSUSE-SU-2012:0314-1 (apache2)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-updates@opensuse.org 


Subject:
    	      openSUSE-SU-2012:0314-1: important: apache2: fixed various security bugs 


Date:
    	      Tue, 28 Feb 2012 18:08:26 +0100 (CET)


Message-ID:
    	      <20120228170826.3BFC83216F@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   openSUSE Security Update: apache2: fixed various security bugs
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0314-1
Rating:             important
References:         #728876 #738855 #741243 #743743 
Cross-References:   CVE-2007-6750 CVE-2012-0031 CVE-2012-0053
                   
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:

   This update of apache2 fixes regressions and several
   security problems:

   bnc#728876, fix graceful reload

   bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption
   (shared mem segment) by child causes crash of privileged
   parent (invalid free()) during shutdown.

   bnc#743743, CVE-2012-0053: Fixed an issue in error
   responses that could expose "httpOnly" cookies when no
   custom ErrorDocument is specified for status code 400".

   bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module was
   backported from Apache 2.2.21 to help mitigate the
   "Slowloris" Denial of Service attack.

   You need to enable the "mod_reqtimeout" module in your
   existing apache configuration to make it effective, e.g. in
   the APACHE_MODULES line in /etc/sysconfig/apache2.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch apache2-201202-5821

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64):

      apache2-2.2.17-4.13.1
      apache2-devel-2.2.17-4.13.1
      apache2-example-certificates-2.2.17-4.13.1
      apache2-example-pages-2.2.17-4.13.1
      apache2-itk-2.2.17-4.13.1
      apache2-prefork-2.2.17-4.13.1
      apache2-utils-2.2.17-4.13.1
      apache2-worker-2.2.17-4.13.1

   - openSUSE 11.4 (noarch):

      apache2-doc-2.2.17-4.13.1


References:

   http://support.novell.com/security/cve/CVE-2007-6750.html
   http://support.novell.com/security/cve/CVE-2012-0031.html
   http://support.novell.com/security/cve/CVE-2012-0053.html
   https://bugzilla.novell.com/728876
   https://bugzilla.novell.com/738855
   https://bugzilla.novell.com/741243
   https://bugzilla.novell.com/743743
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds