Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat Ceph Storage 1.2 RHSA-2015:1855-01 Low: Mod Proxy Fcgi Overflow

red hat
Calendar Grey October 2, 2015
Dist Redhat Esm H88
A patch for mod_proxy_fcgi within Red Hat Ceph Storage 1.2 addresses a minor buffer overflow vulnerability. Upgrade recommended.
An updated mod_proxy_fcgi package that fixes one security issue is now available for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services.
The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server.
A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash. (CVE-2014-3583)
All mod_proxy_fcgi users are advised to upgrade to this updated package, which corrects this issue.

Topics%20covered

Topics Covered

security advisory security update buffer overflow low severity mod_proxy_fcgi Red Hat Ceph

References

https://access.redhat.com/security/cve/CVE-2014-3583 https://access.redhat.com/security/updates/classification/#low

Package List

Red Hat Common for RHEL Server (v. 6):
Source: mod_proxy_fcgi-2.4.10-5.20150415gitd45a11f.el6cp.src.rpm
x86_64: mod_proxy_fcgi-2.4.10-5.20150415gitd45a11f.el6cp.x86_64.rpm mod_proxy_fcgi-debuginfo-2.4.10-5.20150415gitd45a11f.el6cp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2015:1855-01
Product: Red Hat Common
Advisory URL: https://access.redhat.com/errata/RHSA-2015:1855.html
Issue date: 2015-10-01

Topic

An updated mod_proxy_fcgi package that fixes one security issue is nowavailable for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6.Red Hat Product Security has rated this update as having Low securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

Topics%20covered

Topics Covered

security advisory security update buffer overflow low severity mod_proxy_fcgi Red Hat Ceph

Relevant Releases Architectures

Red Hat Common for RHEL Server (v. 6) - x86_64

Bugs Fixed

1163555 - CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here