
SUSE: 2012:0284-1 Important: Apache2 Denial Of Service Fix

February 18, 2012
Essential SUSE Security Patch for Nginx tackling various concerns to bolster network reliability and protection.
An update that solves three vulnerabilities and has four fixes is ...

Summary

This update of apache2 and libapr1 fixes regressions and several security problems.

* CVE-2012-0031: Fixed a scoreboard (shared memory segment) corruption by a child process that caused a crash of the privileged parent (invalid free()) during shutdown.
* CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.
* CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack. You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2. For more detailed information, check also the README file.

Also the following bugs have been fixed:

References

#728876 #738067 #738855 #739783 #741243 #741874 #743743

Cross-References: CVE-2007-6750 CVE-2012-0031 CVE-2012-0053

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP1

SUSE Linux Enterprise Server 11 SP1 for VMware

SUSE Linux Enterprise Server 11 SP1

https://www.suse.com/security/cve/CVE-2007-6750.html

https://www.suse.com/security/cve/CVE-2012-0031.html

https://www.suse.com/security/cve/CVE-2012-0053.html

Severity
important

Announcement ID: SUSE-SU-2012:0284-1
Rating: important
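
The CVE-2007-6750 mitigation described in the summary only takes effect once the module is listed in APACHE_MODULES. The shell functions below are an added example, not part of the SUSE advisory: they audit a sysconfig-style file for the module and append it if it is missing. They assume the list entry is spelled `reqtimeout` (also accepting `mod_reqtimeout`), and the demo runs on a constructed sample file rather than a real host.

```shell
#!/bin/sh
# Added example: audit and fix the APACHE_MODULES line for reqtimeout.
# Assumption: the module appears in the list as "reqtimeout" (no "mod_"
# prefix); "mod_reqtimeout" is accepted as well.

# Print the effective module list: last uncommented assignment, quotes removed.
apache_modules() {
    sed -n 's/^[[:space:]]*APACHE_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 if the module is listed in the given file, 1 otherwise.
has_reqtimeout() {
    for m in $(apache_modules "$1"); do
        case "$m" in
            reqtimeout|mod_reqtimeout) return 0 ;;
        esac
    done
    return 1
}

# Append reqtimeout to the uncommented APACHE_MODULES line(s) if missing.
# Commented-out assignments are left untouched.
enable_reqtimeout() {
    has_reqtimeout "$1" && return 0
    mods=$(apache_modules "$1")
    tmp=$(mktemp) || return 1
    sed "s|^[[:space:]]*APACHE_MODULES=.*|APACHE_MODULES=\"$mods reqtimeout\"|" \
        "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Demo on constructed sample input (not taken from a real host).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# modules to load' \
        'APACHE_MODULES="actions alias auth_basic dir mime"' > "$f"
    has_reqtimeout "$f" && echo "before: enabled" || echo "before: missing"
    enable_reqtimeout "$f"
    has_reqtimeout "$f" && echo "after: enabled" || echo "after: missing"
    apache_modules "$f"
    rm -f "$f"
}
demo
```

On a patched system the same functions can be pointed at /etc/sysconfig/apache2; Apache has to be restarted before the change takes effect.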
