Date:         Thu, 25 Mar 2010 11:12:26 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: httpd on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: httpd security and enhancement update
Issue date:	2010-03-25
CVE Names:	CVE-2010-0408 CVE-2010-0434

CVE-2010-0408 httpd: mod_proxy_ajp remote temporary DoS
CVE-2010-0434 httpd: request header information leak

It was discovered that mod_proxy_ajp incorrectly returned an "Internal
Server Error" response when processing certain malformed requests, which
caused the back-end server to be marked as failed in configurations 
where mod_proxy is used in load balancer mode. A remote attacker could 
cause mod_proxy to not send requests to back-end AJP (Apache JServ 
Protocol) servers for the retry timeout period (60 seconds by default) 
by sending specially-crafted requests. (CVE-2010-0408)

A use-after-free flaw was discovered in the way the Apache HTTP Server
handled request headers in subrequests. In configurations where 
subrequests are used, a multithreaded MPM (Multi-Processing Module) 
could possibly leak information from other requests in request replies. 
(CVE-2010-0434)

This update also adds the following enhancement:

* with the updated openssl packages from RHSA-2010:0162 installed, 
mod_ssl will refuse to renegotiate a TLS/SSL connection with an 
unpatched client that does not support RFC 5746. This update adds the
"SSLInsecureRenegotiation" configuration directive. If this directive is
enabled, mod_ssl will renegotiate insecurely with unpatched clients.
(BZ#567980)

Refer to the following Red Hat Knowledgebase article for more details 
about the changed mod_ssl behavior: 

After installing the updated packages, the httpd daemon must be 
restarted for the update to take effect.

SL 5.x

     SRPMS:
httpd-2.2.3-31.el5_4.4.src.rpm
     i386:
httpd-2.2.3-31.sl5.4.i386.rpm
httpd-devel-2.2.3-31.sl5.4.i386.rpm
httpd-manual-2.2.3-31.sl5.4.i386.rpm
mod_ssl-2.2.3-31.sl5.4.i386.rpm
     x86_64:
httpd-2.2.3-31.sl5.4.x86_64.rpm
httpd-devel-2.2.3-31.sl5.4.i386.rpm
httpd-devel-2.2.3-31.sl5.4.x86_64.rpm
httpd-manual-2.2.3-31.sl5.4.x86_64.rpm
mod_ssl-2.2.3-31.sl5.4.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2010-0408 Moderate: httpd SL5.x i386/x86_64

Moderate: httpd security and enhancement update

Summary

It was discovered that mod_proxy_ajp incorrectly returned an "InternalServer Error" response when processing certain malformed requests, whichcaused the back-end server to be marked as failed in configurationswhere mod_proxy is used in load balancer mode. A remote attacker couldcause mod_proxy to not send requests to back-end AJP (Apache JServProtocol) servers for the retry timeout period (60 seconds by default)by sending specially-crafted requests. (CVE-2010-0408)A use-after-free flaw was discovered in the way the Apache HTTP Serverhandled request headers in subrequests. In configurations wheresubrequests are used, a multithreaded MPM (Multi-Processing Module)could possibly leak information from other requests in request replies.(CVE-2010-0434)This update also adds the following enhancement:* with the updated openssl packages from RHSA-2010:0162 installed,mod_ssl will refuse to renegotiate a TLS/SSL connection with anunpatched client that does not support RFC 5746. This update adds the"SSLInsecureRenegotiation" configuration directive. If this directive isenabled, mod_ssl will renegotiate insecurely with unpatched clients.(BZ#567980)Refer to the following Red Hat Knowledgebase article for more detailsabout the changed mod_ssl behavior:After installing the updated packages, the httpd daemon must berestarted for the update to take effect.SL 5.xSRPMS:httpd-2.2.3-31.el5_4.4.src.rpmi386:httpd-2.2.3-31.sl5.4.i386.rpmhttpd-devel-2.2.3-31.sl5.4.i386.rpmhttpd-manual-2.2.3-31.sl5.4.i386.rpmmod_ssl-2.2.3-31.sl5.4.i386.rpmx86_64:httpd-2.2.3-31.sl5.4.x86_64.rpmhttpd-devel-2.2.3-31.sl5.4.i386.rpmhttpd-devel-2.2.3-31.sl5.4.x86_64.rpmhttpd-manual-2.2.3-31.sl5.4.x86_64.rpmmod_ssl-2.2.3-31.sl5.4.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity
Issued Date: : 2010-03-25
CVE Names: CVE-2010-0408 CVE-2010-0434
CVE-2010-0408 httpd: mod_proxy_ajp remote temporary DoS
CVE-2010-0434 httpd: request header information leak

Related News

2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved