SUSE Security Update: Security update for Apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0323-1
Rating:             important
References:         #736706 #738855 #741243 #743743 
Cross-References:   CVE-2007-6750 CVE-2012-0031 CVE-2012-0053
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:


   This update of apache fixes regressions and several
   security problems:

   *

   bnc#741243, CVE-2012-0031: Fixed a scoreboard
   corruption (shared mem segment) by child causes crash of
   privileged parent (invalid free()) during shutdown.

   *

   bnc#743743,CVE-2012-0053: Fixed an issue in error
   responses that could expose "httpOnly" cookies when no
   custom ErrorDocument is specified for status code 400".

   *

   bnc#736706, the SSL configuration template suggested
   weak ciphers
   *

   bnc#738855,CVE-2007-6750: The "mod_reqtimeout" module
   was backported from Apache 2.2.21 to help mitigate the
   "Slowloris" Denial of Service attack.

   You need to enable the "mod_reqtimeout" module in
   your existing apache configuration to make it effective,
   e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2.

   Security Issue references:

   * CVE-2012-0031
   
   * CVE-2012-0053
   
   * CVE-2007-6750
   



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      apache2-2.2.3-16.44.1
      apache2-devel-2.2.3-16.44.1
      apache2-doc-2.2.3-16.44.1
      apache2-example-pages-2.2.3-16.44.1
      apache2-prefork-2.2.3-16.44.1
      apache2-worker-2.2.3-16.44.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      apache2-2.2.3-16.44.1
      apache2-devel-2.2.3-16.44.1
      apache2-doc-2.2.3-16.44.1
      apache2-example-pages-2.2.3-16.44.1
      apache2-prefork-2.2.3-16.44.1
      apache2-worker-2.2.3-16.44.1


References:

   https://www.suse.com/security/cve/CVE-2007-6750.html
   https://www.suse.com/security/cve/CVE-2012-0031.html
   https://www.suse.com/security/cve/CVE-2012-0053.html
   https://bugzilla.novell.com/736706
   https://bugzilla.novell.com/738855
   https://bugzilla.novell.com/741243
   https://bugzilla.novell.com/743743
   https://login.microfocus.com/nidp/app/login

SuSE: 2012:0323-1: important: Apache2

March 6, 2012
An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one errata is no...

Summary

This update of apache fixes regressions and several security problems: * bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. * bnc#743743,CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400". * bnc#736706, the SSL configuration template suggested weak ciphers * bnc#738855,CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack. You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2. Security Issue references: * CVE-2012-0031 * CVE-2012-0053 * CVE-2007-6750 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): apache2-2.2.3-16.44.1 apache2-devel-2.2.3-16.44.1 apache2-doc-2.2.3-16.44.1 apache2-example-pages-2.2.3-16.44.1 apache2-prefork-2.2.3-16.44.1 apache2-worker-2.2.3-16.44.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): apache2-2.2.3-16.44.1 apache2-devel-2.2.3-16.44.1 apache2-doc-2.2.3-16.44.1 apache2-example-pages-2.2.3-16.44.1 apache2-prefork-2.2.3-16.44.1 apache2-worker-2.2.3-16.44.1

References

#736706 #738855 #741243 #743743

Cross- CVE-2007-6750 CVE-2012-0031 CVE-2012-0053

Affected Products:

SUSE Linux Enterprise Server 10 SP4

SLE SDK 10 SP4

https://www.suse.com/security/cve/CVE-2007-6750.html

https://www.suse.com/security/cve/CVE-2012-0031.html

https://www.suse.com/security/cve/CVE-2012-0053.html

https://bugzilla.novell.com/736706

https://bugzilla.novell.com/738855

https://bugzilla.novell.com/741243

https://bugzilla.novell.com/743743

https://login.microfocus.com/nidp/app/login

Severity
Announcement ID: SUSE-SU-2012:0323-1
Rating: important

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved