openSUSE 11.4: Security Update openSUSE-SU-2011:1217-1 Important Apache DoS

opensuse
November 4, 2011
Important update for openSUSE users on Apache security vulnerabilities; please apply patches to enhance server protection and monitor site activities
An update that solves one vulnerability and has two fixes is now...

Description

This update fixes several security issues in the Apache webserver.

The patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added.

Introduce new config option: Allow MaxRanges

Number of ranges requested, if exceeded, the complete content is served.

- default: 200
- 0|unlimited: unlimited
- none: Range headers are ignored.

This option is a backport from 2.2.21.

Also fixed:

- CVE-2011-3348: Denial of service in proxy_ajp when using an undefined method.
- CVE-2011-3368: Exposure of internal servers via reverse proxy methods with mod_proxy enabled and incorrect Rewrite or Proxy Rules.
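
The MaxRanges policy described above, modelled as an added example (not Apache's code and not part of the original advisory). The function names are hypothetical, and treating an unset value or the keyword `default` as the limit of 200 is an assumption based on the advisory's wording.

```python
# Added illustration (not Apache's code): models the MaxRanges policy as the
# advisory words it. All function names here are hypothetical.

DEFAULT_LIMIT = 200  # "default: 200" in the advisory


def parse_setting(setting=None):
    """Return an int limit, None for unlimited, or "ignore" for 'none'."""
    value = (setting or "default").strip().lower()  # assumption: unset == default
    if value == "default":
        return DEFAULT_LIMIT
    if value in ("0", "unlimited"):
        return None
    if value == "none":
        return "ignore"
    limit = int(value)  # raises ValueError on anything else
    if limit < 0:
        raise ValueError("MaxRanges must not be negative")
    return limit


def count_ranges(range_header):
    """Count the comma-separated range specs in a 'bytes=' Range header."""
    unit, sep, specs = range_header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return 0
    return sum(1 for spec in specs.split(",") if spec.strip())


def response_mode(range_header, setting=None):
    """Return "partial" if ranges are honoured, "full" for the whole content."""
    limit = parse_setting(setting)
    if not range_header or limit == "ignore":
        return "full"  # no Range header, or Range headers are ignored
    requested = count_ranges(range_header)
    if requested == 0:
        return "full"
    if limit is not None and requested > limit:
        return "full"  # limit exceeded: the complete content is served
    return "partial"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real traffic.
    many = "bytes=" + ",".join(f"{i}-{i}" for i in range(201))
    for header, setting in [("bytes=0-99", None), (many, None),
                            (many, "unlimited"), ("bytes=0-99", "none")]:
        print(setting, count_ranges(header), response_mode(header, setting))
```
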

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch apache2-5347

- openSUSE 11.3:

zypper in -t patch apache2-5347

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.4 (i586 x86_64):

apache2-2.2.17-4.9.1

apache2-devel-2.2.17-4.9.1

apache2-example-certificates-2.2.17-4.9.1

apache2-example-pages-2.2.17-4.9.1

apache2-itk-2.2.17-4.9.1

apache2-prefork-2.2.17-4.9.1

apache2-utils-2.2.17-4.9.1

apache2-worker-2.2.17-4.9.1

- openSUSE 11.4 (noarch):

apache2-doc-2.2.17-4.9.1

- openSUSE 11.3 (i586 x86_64):

apache2-2.2.15-4.7.1

apache2-devel-2.2.15-4.7.1

apache2-example-certificates-2.2.15-4.7.1

apache2-example-pages-2.2.15-4.7.1

apache2-itk-2.2.15-4.7.1

apache2-prefork-2.2.15-4.7.1

apache2-utils-2.2.15-4.7.1

apache2-worker-2.2.15-4.7.1

- openSUSE 11.3 (noarch):

apache2-doc-2.2.15-4.7.1

References

https://www.suse.com/security/cve/CVE-2011-3192.html

Severity
important

Announcement ID: openSUSE-SU-2011:1217-1
Rating: important
Affected Products: openSUSE 11.4 openSUSE 11.3
