Debian: DSA-2298-2 Moderate: Apache2 DoS Regression Fix
debian
September 5, 2011
The apache2 Upgrade from DSA-2298-1 has caused a regression that prevented some video players from seeking in video files served by Apache HTTPD
Topics Covered
Summary
The text of the original advisory is reproduced for reference:
Two issues have been found in the Apache HTTPD web server:
CVE-2011-3192
A vulnerability has been found in the way the multiple overlapping
ranges are handled by the Apache HTTPD server. This vulnerability
allows an attacker to cause Apache HTTPD to use an excessive amount of
memory, causing a denial of service.
CVE-2010-1452
A vulnerability has been found in mod_dav that allows an attacker to
cause a daemon crash, causing a denial of service. This issue only
affects the Debian 5.0 oldstable/lenny distribution.
The regression has been fixed in the following packages:
For the oldstable distribution (lenny), this problem has been fixed
in version 2.2.9-10+lenny11.
For the stable distribution (squeeze), this problem has been fixed in
version 2.2.16-6+squeeze3.
For the testing distribution (wheezy), this problem will be fixed in
version 2.2.20-1.
For the unstable distribution (sid), this problem has been fixed in
version 2.2.20-1.
We recommend ...
PREVIOUS
NEXT
Package: apache2
CVE ID: CVE-2010-1452 CVE-2011-3192
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!