openSUSE 11.4 SUSE-SU-2012:0314-1 Important: Apache2 DoS Mitigation

opensuse
February 28, 2012
Essential openSUSE security patch for apache2 addressing several vulnerabilities, including denial-of-service protection and session token leakage.
An update that solves three vulnerabilities and has one errata is no...

Description

This update of apache2 fixes regressions and several security problems:

- bnc#728876: Fixed graceful reload.

- bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption (shared memory segment) by a child process that causes a crash of the privileged parent (invalid free()) during shutdown.

- bnc#743743, CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.

- bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack.

You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2.
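The check described above, as an added example that is not part of the advisory: shell functions that read the APACHE_MODULES line without sourcing the file, report whether reqtimeout is listed, and append it if it is missing. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): verify and enable a module in the
# APACHE_MODULES line of a SUSE sysconfig file without sourcing the file.

# Print the module list from the last active (uncommented) APACHE_MODULES line.
apache_modules() {
    sed -n 's/^[[:space:]]*APACHE_MODULES="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Return 0 if module $2 is listed in file $1, 1 otherwise.
has_module() {
    for m in $(apache_modules "$1"); do
        [ "$m" = "$2" ] && return 0
    done
    return 1
}

# Append module $2 to APACHE_MODULES in file $1 unless it is already there.
# Keeps a backup in $1.bak; returns non-zero if the line could not be updated.
enable_module() {
    case $2 in ''|*[!a-z0-9_]*) return 2 ;; esac   # reject unexpected names
    has_module "$1" "$2" && return 0
    cp -p "$1" "$1.bak" || return 1
    sed 's/^\([[:space:]]*APACHE_MODULES="[^"]*\)"/\1 '"$2"'"/' "$1.bak" > "$1" || return 1
    has_module "$1" "$2"
}

# Demo on a constructed sample; on a real host the file is /etc/sysconfig/apache2.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# APACHE_MODULES="reqtimeout"  (commented out, ignored)' \
        'APACHE_MODULES="actions alias auth_basic dir log_config mime"' > "$f"
    has_module "$f" reqtimeout || echo "reqtimeout missing: Slowloris mitigation inactive"
    enable_module "$f" reqtimeout && apache_modules "$f"
    rm -f "$f" "$f.bak"
}
demo
```

Apache only loads the module list at startup, so the server must be restarted after the line is changed.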

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

  zypper in -t patch apache2-201202-5821

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.4 (i586 x86_64):

  apache2-2.2.17-4.13.1
  apache2-devel-2.2.17-4.13.1
  apache2-example-certificates-2.2.17-4.13.1
  apache2-example-pages-2.2.17-4.13.1
  apache2-itk-2.2.17-4.13.1
  apache2-prefork-2.2.17-4.13.1
  apache2-utils-2.2.17-4.13.1
  apache2-worker-2.2.17-4.13.1

- openSUSE 11.4 (noarch):

  apache2-doc-2.2.17-4.13.1

References

https://www.suse.com/security/cve/CVE-2007-6750.html

https://www.suse.com/security/cve/CVE-2012-0031.html

https://www.suse.com/security/cve/CVE-2012-0053.html

Severity
important

Announcement ID: openSUSE-SU-2012:0314-1
Rating: important
Affected Products: openSUSE 11.4
