Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

SUSE Linux 10 SP3: SUSE-SU-2011:1229-1 Important: Apache2 DoS

suse
Calendar Grey November 9, 2011
Dist Suse Esm H88
SUSE Security Update: Security update for apache2 __________________________________________________
An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes ...

Summary


Warning: Undefined array key "advisoryid" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/4180285_1edcd913e2b52798c5b9126b8927230e on line 19

   SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1229-1
Rating:             important
References:         #713966 #718106 #719236 #722545 
Cross-References:   CVE-2011-3192
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes
   is now available.

Description:


   This update fixes several security issues in the Apache2
   webserver.

   *

   The severe ByteRange remote denial of service attack
   (CVE-2011-3192) was fixed, configuration options used by
   upstream were added.

   Introduce new config option: Allow MaxRanges Number
   of ranges requested, if exceeded, the complete content is
   served. default: 200 0|unlimited: unlimited none: Range
   headers are ignored. This option is a backport from 2.2.21.

   *

   CVE-2011-0419,CVE-2011-1928: Two fnmatch denial of
   service attacks were fixed that could exhaust the servers   memory.

   *

   CVE-2010-1623: Another memoryleak was fixed that
   could exhaust httpd server memory via unspecified methods.

   *

   CVE-2011-3368: This update also includes fixes a fix
   for a mod_proxy reverse exposure via RewriteRule or
   ProxyPassMatch directives.

   Security Issue references:

   * CVE-2011-3192
   

Indications:

   Please install this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 (i586 s390x x86_64):

      apache2-2.2.3-16.32.37.1
      apache2-devel-2.2.3-16.32.37.1
      apache2-doc-2.2.3-16.32.37.1
      apache2-example-pages-2.2.3-16.32.37.1
      apache2-prefork-2.2.3-16.32.37.1
      apache2-worker-2.2.3-16.32.37.1


References:

   https://www.suse.com/security/cve/CVE-2011-3192.html

Topics%20covered

Topics Covered

security advisory DoS attack remote denial of service important fix SUSE Linux apache2

References

Severity
important
Lowest
Low
Medium
High
Critical


Warning: Undefined array key "block1" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/4180285_c1d2d4f425d79c8c327f2b8603847ec6 on line 11

Topics%20covered

Topics Covered

security advisory DoS attack remote denial of service important fix SUSE Linux apache2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here