Debian: DSA-2405-1: apache2 security update

    Date06 Feb 2012
    CategoryDebian
    27
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been found in the Apache HTTPD Server: CVE-2011-3607:
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2405-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                            Stefan Fritsch
    February 06, 2012                      http://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : apache2
    Vulnerability  : multiple issues
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2011-3607 CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 
                     CVE-2012-0031 CVE-2012-0053 
    
    Several vulnerabilities have been found in the Apache HTTPD Server:
    
    CVE-2011-3607:
    
      An integer overflow in ap_pregsub() could allow local attackers to
      execute arbitrary code at elevated privileges via crafted .htaccess
      files.
    
    CVE-2011-3368 CVE-2011-3639 CVE-2011-4317:
    
      The Apache HTTP Server did not properly validate the request URI for
      proxied requests. In certain reverse proxy configurations using the
      ProxyPassMatch directive or using the RewriteRule directive with the
      [P] flag, a remote attacker could make the proxy connect to an
      arbitrary server. The could allow the attacker to access internal
      servers that are not otherwise accessible from the outside.
    
      The three CVE ids denote slightly different variants of the same
      issue.
    
      Note that, even with this issue fixed, it is the responsibility of
      the administrator to ensure that the regular expression replacement
      pattern for the target URI does not allow a client to append arbitrary
      strings to the host or port parts of the target URI. For example, the
      configuration
    
        ProxyPassMatch ^/mail(.*)  http://internal-host$1
    
      is still insecure and should be replaced by one of the following
      configurations:
    
        ProxyPassMatch ^/mail(/.*)  http://internal-host$1
        ProxyPassMatch ^/mail/(.*)  http://internal-host/$1
    
    CVE-2012-0031:
    
      An apache2 child process could cause the parent process to crash
      during shutdown. This is a violation of the privilege separation
      between the apache2 processes and could potentially be used to worsen
      the impact of other vulnerabilities.
    
    CVE-2012-0053:
    
      The response message for error code 400 (bad request) could be used to
      expose "httpOnly" cookies. This could allow a remote attacker using
      cross site scripting to steal authentication cookies.
    
    
    For the oldstable distribution (lenny), these problems have been fixed in
    version apache2 2.2.9-10+lenny12.
    
    For the stable distribution (squeeze), these problems have been fixed in
    version apache2 2.2.16-6+squeeze6
    
    For the testing distribution (wheezy), these problems will be fixed in
    version 2.2.22-1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2.2.22-1.
    
    We recommend that you upgrade your apache2 packages.
    
    This update also contains updated apache2-mpm-itk packages which have
    been recompiled against the updated apache2 packages. The new version
    number for the oldstable distribution is 2.2.6-02-1+lenny7. In the
    stable distribution, apache2-mpm-itk has the same version number as
    apache2.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":61.54,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":23.08,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":15.38,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.