Date:         Thu, 12 Nov 2009 14:58:35 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: httpd on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: httpd security update
Issue date:	2009-11-11
CVE Names:	CVE-2009-1891 CVE-2009-3094 CVE-2009-3095
                   CVE-2009-3555

CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by 
crafted EPSV and PASV reply
CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via 
Authorization HTTP header
CVE-2009-3555 TLS: MITM attacks via session renegotiation

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A 
man-in-the-middle attacker could use this flaw to prefix arbitrary plain 
text to a client's session (for example, an HTTPS connection to a 
website). This could force the server to process an attacker's request 
as if authenticated using the victim's credentials. This update 
partially mitigates this flaw for SSL sessions to HTTP servers using 
mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555)

Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a 
server-initiated renegotiation. Refer to the following Knowledgebase 
article for further information: 
A denial of service flaw was found in the Apache mod_deflate module. 
This module continued to compress large files until compression was 
complete, even if the network connection that requested the content was 
closed before compression completed. This would cause mod_deflate to 
consume large amounts of CPU if mod_deflate was enabled for a large 
file. (CVE-2009-1891) - SL4 only

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to 
the EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands 
to the FTP server. (CVE-2009-3095)

After installing the updated packages, the httpd daemon must be 
restarted for the update to take effect.

SL 3.0.x

       SRPMS:
httpd-2.0.46-77.sl3.src.rpm
       i386:
httpd-2.0.46-77.sl3.i386.rpm
httpd-devel-2.0.46-77.sl3.i386.rpm
mod_ssl-2.0.46-77.sl3.i386.rpm
       x86_64:
httpd-2.0.46-77.sl3.x86_64.rpm
httpd-devel-2.0.46-77.sl3.x86_64.rpm
mod_ssl-2.0.46-77.sl3.x86_64.rpm

SL 4.x

       SRPMS:
httpd-2.0.52-41.sl4.6.src.rpm
       i386:
httpd-2.0.52-41.sl4.6.i386.rpm
httpd-devel-2.0.52-41.sl4.6.i386.rpm
httpd-manual-2.0.52-41.sl4.6.i386.rpm
httpd-suexec-2.0.52-41.sl4.6.i386.rpm
mod_ssl-2.0.52-41.sl4.6.i386.rpm
       x86_64:
httpd-2.0.52-41.sl4.6.x86_64.rpm
httpd-devel-2.0.52-41.sl4.6.x86_64.rpm
httpd-manual-2.0.52-41.sl4.6.x86_64.rpm
httpd-suexec-2.0.52-41.sl4.6.x86_64.rpm
mod_ssl-2.0.52-41.sl4.6.x86_64.rpm

SL 5.x

       SRPMS:
httpd-2.2.3-31.sl5.2.src.rpm
       i386:
httpd-2.2.3-31.sl5.2.i386.rpm
httpd-devel-2.2.3-31.sl5.2.i386.rpm
httpd-manual-2.2.3-31.sl5.2.i386.rpm
mod_ssl-2.2.3-31.sl5.2.i386.rpm
       x86_64:
httpd-2.2.3-31.sl5.2.x86_64.rpm
httpd-devel-2.2.3-31.sl5.2.i386.rpm
httpd-devel-2.2.3-31.sl5.2.x86_64.rpm
httpd-manual-2.2.3-31.sl5.2.x86_64.rpm
mod_ssl-2.2.3-31.sl5.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-1891 Moderate: httpd SL3.x, SL4.x, SL5.x i386/x86_64

Moderate: httpd security update

Summary

Date:         Thu, 12 Nov 2009 14:58:35 -0600Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Moderate: httpd on SL3.x, SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: httpd security updateIssue date:	2009-11-11CVE Names:	CVE-2009-1891 CVE-2009-3094 CVE-2009-3095                   CVE-2009-3555CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflateCVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV replyCVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP headerCVE-2009-3555 TLS: MITM attacks via session renegotiationA flaw was found in the way the TLS/SSL (Transport Layer Security/SecureSockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555)Note: This update does not fully resolve the issue for HTTPS servers. Anattack is still possible in configurations that require a server-initiated renegotiation. Refer to the following Knowledgebase article for further information: A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891) - SL4 onlyA NULL pointer dereference flaw was found in the Apache mod_proxy_ftpmodule. A malicious FTP server to which requests are being proxied coulduse this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service.(CVE-2009-3094)A second flaw was found in the Apache mod_proxy_ftp module. In a reverseproxy configuration, a remote attacker could use this flaw to bypassintended access restrictions by creating a carefully-crafted HTTPAuthorization header, allowing the attacker to send arbitrary commands to the FTP server. (CVE-2009-3095)After installing the updated packages, the httpd daemon must be restarted for the update to take effect.SL 3.0.x       SRPMS:httpd-2.0.46-77.sl3.src.rpm       i386:httpd-2.0.46-77.sl3.i386.rpmhttpd-devel-2.0.46-77.sl3.i386.rpmmod_ssl-2.0.46-77.sl3.i386.rpm       x86_64:httpd-2.0.46-77.sl3.x86_64.rpmhttpd-devel-2.0.46-77.sl3.x86_64.rpmmod_ssl-2.0.46-77.sl3.x86_64.rpmSL 4.x       SRPMS:httpd-2.0.52-41.sl4.6.src.rpm       i386:httpd-2.0.52-41.sl4.6.i386.rpmhttpd-devel-2.0.52-41.sl4.6.i386.rpmhttpd-manual-2.0.52-41.sl4.6.i386.rpmhttpd-suexec-2.0.52-41.sl4.6.i386.rpmmod_ssl-2.0.52-41.sl4.6.i386.rpm       x86_64:httpd-2.0.52-41.sl4.6.x86_64.rpmhttpd-devel-2.0.52-41.sl4.6.x86_64.rpmhttpd-manual-2.0.52-41.sl4.6.x86_64.rpmhttpd-suexec-2.0.52-41.sl4.6.x86_64.rpmmod_ssl-2.0.52-41.sl4.6.x86_64.rpmSL 5.x       SRPMS:httpd-2.2.3-31.sl5.2.src.rpm       i386:httpd-2.2.3-31.sl5.2.i386.rpmhttpd-devel-2.2.3-31.sl5.2.i386.rpmhttpd-manual-2.2.3-31.sl5.2.i386.rpmmod_ssl-2.2.3-31.sl5.2.i386.rpm       x86_64:httpd-2.2.3-31.sl5.2.x86_64.rpmhttpd-devel-2.2.3-31.sl5.2.i386.rpmhttpd-devel-2.2.3-31.sl5.2.x86_64.rpmhttpd-manual-2.2.3-31.sl5.2.x86_64.rpmmod_ssl-2.2.3-31.sl5.2.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved