ArchLinux: 201904-3: apache: multiple issues

    Date: 11 Apr 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package apache before version 2.4.39-1 is vulnerable to multiple issues including privilege escalation, access restriction bypass and denial of service.
    Arch Linux Security Advisory ASA-201904-3
    =========================================
    
    Severity: Critical
    Date    : 2019-04-05
    CVE-ID  : CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0215
              CVE-2019-0217 CVE-2019-0220
    Package : apache
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-946
    
    Summary
    =======
    
    The package apache before version 2.4.39-1 is vulnerable to multiple
    issues including privilege escalation, access restriction bypass and
    denial of service.
    
    Resolution
    ==========
    
    Upgrade to 2.4.39-1.
    
    # pacman -Syu "apache>=2.4.39-1"
    
    The problems have been fixed upstream in version 2.4.39.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-0196 (denial of service)
    
    A use-after-free issue has been found in the http/2 request handling
    code of Apache HTTPd <= 2.4.18 and <= 2.4.38. Using crafted network
    input, the http/2 request handling could be made to access freed memory
    in string comparison when determining the method of a request and thus
    process the request incorrectly.
    
    - CVE-2019-0197 (denial of service)
    
    An issue has been found in Apache HTTPd >= 2.4.34 and <= 2.4.38. When
    HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on
    a https: host, an Upgrade request from http/1.1 to http/2 that was not
    the first request on a connection could lead to a misconfiguration and
    crash. A server that never enabled the h2 protocol, or that only enabled
    it for https: and did not configure "H2Upgrade on", is unaffected by
    this.
    
    - CVE-2019-0211 (privilege escalation)
    
    In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event,
    worker or prefork, code executing in less-privileged child processes or
    threads (including scripts executed by an in-process scripting
    interpreter) could execute arbitrary code with the privileges of the
    parent process (usually root) by manipulating the scoreboard.
    
    - CVE-2019-0215 (access restriction bypass)
    
    In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl
    when using per-location client certificate verification with TLSv1.3
    allowed a client supporting Post-Handshake Authentication to bypass
    configured access control restrictions.
    
    - CVE-2019-0217 (access restriction bypass)
    
    In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in
    mod_auth_digest when running in a threaded server could allow a user
    with valid credentials to authenticate using another username,
    bypassing configured access control restrictions.
    
    - CVE-2019-0220 (access restriction bypass)
    
    A security issue has been found in Apache HTTPd 2.4.x before 2.4.39.
    When the path component of a request URL contains multiple consecutive
    slashes ('/'), directives such as LocationMatch and RewriteRule must
    account for duplicates in regular expressions while other aspects of
    the server's processing will implicitly collapse them.
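
The mismatch described for CVE-2019-0220 can be checked against your own patterns before and after the upgrade. The following is an added example, not code from the advisory or from the Apache project: it models the implicit slash collapsing with Python's `re` module (httpd itself uses PCRE), and the patterns and the `/admin/status` path are constructed for illustration.

```python
import re
from itertools import product

def collapse_slashes(path: str) -> str:
    """Model of the implicit merge: each run of '/' becomes a single '/'."""
    return re.sub(r"/{2,}", "/", path)

def slash_variants(path: str, max_run: int = 2):
    """Yield every spelling of `path` with each '/' repeated 1..max_run times."""
    parts = path.split("/")
    gaps = len(parts) - 1
    for runs in product(range(1, max_run + 1), repeat=gaps):
        out = parts[0]
        for count, part in zip(runs, parts[1:]):
            out += "/" * count + part
        yield out

def audit(pattern: str, protected_path: str):
    """Return spellings the regex does not match even though they collapse
    to a path that it does match, i.e. requests the rule would not cover."""
    rx = re.compile(pattern)
    missed = []
    for variant in slash_variants(protected_path):
        if not rx.search(variant) and rx.search(collapse_slashes(variant)):
            missed.append(variant)
    return missed

# Constructed patterns, as they might appear in a LocationMatch directive.
STRICT = r"^/admin/"       # assumes exactly one slash at each position
TOLERANT = r"^/+admin/+"   # accounts for duplicate slashes

if __name__ == "__main__":
    for name, pattern in (("strict", STRICT), ("tolerant", TOLERANT)):
        gaps = audit(pattern, "/admin/status")
        print(f"{name:8} {pattern!r}: uncovered spellings = {gaps}")
```

An empty result means the pattern covers every duplicated-slash spelling of the sample path that the model generates; any listed spelling is one the rule should be rewritten to cover on servers that cannot yet be upgraded.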
    
    Impact
    ======
    
    A remote attacker can bypass access control restrictions, or crash a
    server via a crafted HTTP/2 query. A local attacker can elevate
    privileges to root by manipulating the scoreboard.
    
    References
    ==========
    
    https://httpd.apache.org/security/vulnerabilities_24.html
    https://security.archlinux.org/CVE-2019-0196
    https://security.archlinux.org/CVE-2019-0197
    https://security.archlinux.org/CVE-2019-0211
    https://security.archlinux.org/CVE-2019-0215
    https://security.archlinux.org/CVE-2019-0217
    https://security.archlinux.org/CVE-2019-0220
    
    