Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Gentoo: GLSA-201701-36 Normal: Apache Multiple Attack Vectors

gentoo
Calendar Grey January 15, 2017
Dist Gentoo Esm H88
Several security flaws within Apache may result in Denial of Service attacks. It is recommended to update to safeguard your server.
Multiple vulnerabilities have been found in Apache, the worst of which could lead to a Denial of Service condition.

Summary

Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers, upstream Apache Software Foundation documentation, and HTTPoxy website referenced below for details.

Topics%20covered

Topics Covered

security advisory denial of service gentoo apache vulnerability upgrade web server

Resolution

All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.25"

References

[ 1 ] Apache Software Foundation Projects and "httpoxy" CERT VU #797896 https://www.apache.org/security/asf-httpoxy-response.txt [ 2 ] CVE-2014-3583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3583 [ 3 ] CVE-2016-0736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0736 [ 4 ] CVE-2016-2161 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2161 [ 5 ] CVE-2016-5387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5387 [ 6 ] CVE-2016-8073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8073 [ 7 ] CVE-2016-8740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8740 [ 8 ] CVE-2016-8743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8743 [ 9 ] HTTPoxy Website https://httpoxy.org/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-36
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: Apache: Multiple vulnerabilities
Date: January 15, 2017
Bugs: #529130, #589226, #601736, #603130
ID: 201701-36

Topics%20covered

Topics Covered

security advisory denial of service gentoo apache vulnerability upgrade web server

Synopsis

Multiple vulnerabilities have been found in Apache, the worst of which could lead to a Denial of Service condition.

Background

The Apache HTTP server is one of the most popular web servers on the Internet.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.4.25 >= 2.4.25

Impact

===== A remote attacker could cause a Denial of Service condition via multiple vectors or response splitting and cache pollution. Additionally, an attacker could intercept unsecured (HTTP) transmissions via the HTTPoxy vulnerability.

Workaround

There is no known workaround at this time.

Related News

Your message here