SUSE: 2012:0323-1 Critical: Apache DoS Issues Mitigation
suse
March 6, 2012
An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one errata is no...
Summary
This update of apache fixes regressions and several security problems: * bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. * bnc#743743,CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400". * bnc#736706, the SSL configuration template suggested weak ciphers * bnc#738855,CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack. You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2. Security Issue references:
Topics Covered
References
#736706 #738855 #741243 #743743
Cross- CVE-2007-6750 CVE-2012-0031 CVE-2012-0053
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SLE SDK 10 SP4
https://www.suse.com/security/cve/CVE-2007-6750.html
https://www.suse.com/security/cve/CVE-2012-0031.html
https://www.suse.com/security/cve/CVE-2012-0053.html
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2012:0323-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!