openSUSE Security Update: apache2: fixed various security bugs
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0314-1
Rating:             important
References:         #728876 #738855 #741243 #743743 
Cross-References:   CVE-2007-6750 CVE-2012-0031 CVE-2012-0053
                   
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:

   This update of apache2 fixes regressions and several
   security problems:

   bnc#728876, fix graceful reload

   bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption
   (shared mem segment) by child causes crash of privileged
   parent (invalid free()) during shutdown.

   bnc#743743, CVE-2012-0053: Fixed an issue in error
   responses that could expose "httpOnly" cookies when no
   custom ErrorDocument is specified for status code 400".

   bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module was
   backported from Apache 2.2.21 to help mitigate the
   "Slowloris" Denial of Service attack.

   You need to enable the "mod_reqtimeout" module in your
   existing apache configuration to make it effective, e.g. in
   the APACHE_MODULES line in /etc/sysconfig/apache2.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch apache2-201202-5821

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64):

      apache2-2.2.17-4.13.1
      apache2-devel-2.2.17-4.13.1
      apache2-example-certificates-2.2.17-4.13.1
      apache2-example-pages-2.2.17-4.13.1
      apache2-itk-2.2.17-4.13.1
      apache2-prefork-2.2.17-4.13.1
      apache2-utils-2.2.17-4.13.1
      apache2-worker-2.2.17-4.13.1

   - openSUSE 11.4 (noarch):

      apache2-doc-2.2.17-4.13.1


References:

   https://www.suse.com/security/cve/CVE-2007-6750.html
   https://www.suse.com/security/cve/CVE-2012-0031.html
   https://www.suse.com/security/cve/CVE-2012-0053.html
   https://bugzilla.novell.com/728876
   https://bugzilla.novell.com/738855
   https://bugzilla.novell.com/741243
   https://bugzilla.novell.com/743743

openSUSE: 2012:0314-1: important: apache2

February 28, 2012
An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one errata is no...

Description

This update of apache2 fixes regressions and several security problems: bnc#728876, fix graceful reload bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. bnc#743743, CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400". bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack. You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2.

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch apache2-201202-5821 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 11.4 (i586 x86_64): apache2-2.2.17-4.13.1 apache2-devel-2.2.17-4.13.1 apache2-example-certificates-2.2.17-4.13.1 apache2-example-pages-2.2.17-4.13.1 apache2-itk-2.2.17-4.13.1 apache2-prefork-2.2.17-4.13.1 apache2-utils-2.2.17-4.13.1 apache2-worker-2.2.17-4.13.1 - openSUSE 11.4 (noarch): apache2-doc-2.2.17-4.13.1


References

https://www.suse.com/security/cve/CVE-2007-6750.html https://www.suse.com/security/cve/CVE-2012-0031.html https://www.suse.com/security/cve/CVE-2012-0053.html https://bugzilla.novell.com/728876 https://bugzilla.novell.com/738855 https://bugzilla.novell.com/741243 https://bugzilla.novell.com/743743


Severity
Announcement ID: openSUSE-SU-2012:0314-1
Rating: important
Affected Products: openSUSE 11.4

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved