Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 415
Alerts This Week
Warning Icon 1 415

Scientific Linux SL7: SLSA-2015:1667-1 Moderate: httpd Security Update

Scientific Large Esm H446
Moderate: httpd security update
Date: Mon, 24 Aug 2015 21:39:21 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: httpd on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20150824213921.14879.88663@slpackages.fnal.gov>

Synopsis: Moderate: httpd security update
Advisory ID: SLSA-2015:1667-1
Issue Date: 2015-08-24
CVE Numbers: CVE-2015-3183
 CVE-2015-3185
--

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would
decode differently from an HTTP proxy software in front of it, possibly
leading to HTTP request smuggling attacks. (CVE-2015-3183)

It was discovered that in httpd 2.4, the internal API function
ap_some_auth_required() could incorrectly indicate that a request was
authenticated even when no authentication was used. An httpd module using
this API function could consequently allow access that should have been
denied. (CVE-2015-3185)

After installing the updated packages, the httpd service will be restarted
automatically.
--

SL7
 x86_64
 httpd-2.4.6-31.sl7.1.x86_64.rpm
 httpd-debuginfo-2.4.6-31.sl7.1.x86_64.rpm
 httpd-devel-2.4.6-31.sl7.1.x86_64.rpm
 httpd-tools-2.4.6-31.sl7.1.x86_64.rpm
 mod_ldap-2.4.6-31.sl7.1.x86_64.rpm
 mod_proxy_html-2.4.6-31.sl7.1.x86_64.rpm
 mod_session-2.4.6-31.sl7.1.x86_64.rpm
 mod_ssl-2.4.6-31.sl7.1.x86_64.rpm
 noarch
 httpd-manual-2.4.6-31.sl7.1.noarch.rpm

- Scientific Linux Development Team