
Debian Lenny: DSA-2035-1 Critical: Apache2 Multiple Issues

April 17, 2010

Summary

Two issues have been found in the Apache HTTPD web server:

CVE-2010-0408

mod_proxy_ajp would return the wrong status code if it encountered an
error, causing a backend server to be put into an error state until the
retry timeout expired. A remote attacker could send malicious requests
to trigger this issue, resulting in denial of service.

CVE-2010-0434

A flaw in the core subrequest process code was found, which could lead
to a daemon crash (segfault) or disclosure of sensitive information
if the headers of a subrequest were modified by modules such as
mod_headers.


For the stable distribution (lenny), these problems have been fixed in
version 2.2.9-10+lenny7.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.2.15-1.

This advisory also provides updated apache2-mpm-itk packages which
have been recompiled against the new apache2 packages.


We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
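
The following is an added example, not part of the advisory or of Debian's tooling: it compares installed apache2 versions against the fixed versions stated above, using dpkg's version ordering rules reimplemented in Python. The inventory entries and all function names are constructed for illustration.

```python
import re

# Fixed apache2 versions per release, as stated in this advisory.
FIXED = {"lenny": "2.2.9-10+lenny7", "squeeze": "2.2.15-1", "sid": "2.2.15-1"}

# Constructed sample inventory: (host, release, installed apache2 version).
INVENTORY = [
    ("web1", "lenny", "2.2.9-10+lenny6"),
    ("web2", "lenny", "2.2.9-10+lenny7"),
    ("web3", "squeeze", "2.2.14-5"),
    ("web4", "sid", "2.2.15-1"),
]

def _order(ch):
    """dpkg character weight: '~' < end of part < letters < other symbols."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare an upstream or revision string as alternating text/number runs."""
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for k in range(max(len(ta), len(tb))):
        sa, na = ta[k] if k < len(ta) else ("", "")
        sb, nb = tb[k] if k < len(tb) else ("", "")
        for i in range(max(len(sa), len(sb))):
            oa, ob = _order(sa[i:i + 1]), _order(sb[i:i + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(na or 0), int(nb or 0)  # an empty number run counts as 0
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 for Debian versions [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def triage(inventory):
    """Hosts whose apache2 is older than the fixed version for their release."""
    return [h for h, rel, ver in inventory if deb_cmp(ver, FIXED[rel]) < 0]
```

On a live Debian host, `dpkg --compare-versions` performs the same comparison and should be preferred.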

Upgrade instructions
- ---...


Severity
critical
