
SUSE 11 SP3: 2014:0967-1 Important: Apache Buffer Overflow Fix

August 7, 2014
Essential revisions for the Apache HTTP Server aim to resolve significant vulnerabilities and bolster overall security measures.
An update that solves four vulnerabilities and has one errata is now a...

Summary

This update for the Apache Web Server provides the following fixes:

* Fixed a heap-based buffer overflow on apache module mod_status. (bnc#887765, CVE-2014-0226)
* Properly remove whitespace characters from CDATA sections to avoid remote denial of service by crashing the Apache Server process. (bnc#869105, CVE-2013-6438)
* Correction to parsing of cookie content; this can lead to a crash with a specially designed cookie sent to the server. (bnc#869106, CVE-2014-0098)
* ECC support should not be missing. (bnc#859916)

This update also introduces a new configuration parameter CGIDScriptTimeout, which defaults to the value of parameter Timeout. CGIDScriptTimeout is set to 60s if mod_cgid is loaded/active, via /etc/apache2/conf.d/cgid-timeout.conf. The new directive and its effect
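The fallback described above, as an added example that is not part of the SUSE advisory: this Python function reads merged Apache configuration text and reports which directive bounds CGI script run time. The function name, the sample configurations and the module path are constructed for illustration, and directives inside `<IfModule>` blocks are assumed to be active.

```python
import re

# Constructed samples: merged view of httpd.conf plus conf.d/cgid-timeout.conf.
SAMPLE_PATCHED = """\
LoadModule cgid_module /usr/lib64/apache2/mod_cgid.so
Timeout 300
# file added by the update when mod_cgid is active
<IfModule mod_cgid.c>
    CGIDScriptTimeout 60
</IfModule>
"""
SAMPLE_FALLBACK = """\
LoadModule cgid_module /usr/lib64/apache2/mod_cgid.so
TimeOut 300
"""

_DURATION = re.compile(r"^(\d+)(ms|s)?$", re.IGNORECASE)

def _seconds(value):
    """Convert '60', '60s' or '1500ms' to seconds."""
    m = _DURATION.match(value)
    if not m:
        raise ValueError(f"unparsable duration: {value!r}")
    n = int(m.group(1))
    return n / 1000 if (m.group(2) or "").lower() == "ms" else float(n)

def audit_cgid_timeout(conf_text):
    """Return (cgid_loaded, seconds, source) for the CGI script timeout."""
    cgid_loaded, timeout, cgid_timeout = False, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Assumption: container lines are skipped and their contents treated as active.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split()
        name = parts[0].lower()  # directive names are case-insensitive
        if name == "loadmodule" and len(parts) >= 2 and parts[1] == "cgid_module":
            cgid_loaded = True
        elif name == "timeout" and len(parts) == 2:
            timeout = _seconds(parts[1])  # a later directive overrides an earlier one
        elif name == "cgidscripttimeout" and len(parts) == 2:
            cgid_timeout = _seconds(parts[1])
    if cgid_timeout is not None:
        return cgid_loaded, cgid_timeout, "CGIDScriptTimeout"
    if timeout is not None:
        return cgid_loaded, timeout, "Timeout (fallback)"
    return cgid_loaded, None, "compiled-in default"
```

A result whose source is `Timeout (fallback)` on a host with mod_cgid loaded means the 60s value from `/etc/apache2/conf.d/cgid-timeout.conf` is not in effect.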

References

#859916 #869105 #869106 #887765 #887768

Cross-References: CVE-2013-6438 CVE-2014-0098 CVE-2014-0226 CVE-2014-0231

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP3

SUSE Linux Enterprise Server 11 SP3 for VMware

SUSE Linux Enterprise Server 11 SP3

https://www.suse.com/security/cve/CVE-2013-6438.html

https://www.suse.com/security/cve/CVE-2014-0098.html

https://www.suse.com/security/cve/CVE-2014-0226.html

https://www.suse.com/security/cve/CVE-2014-0231.html

https://scc.suse.com:443/patches/

Severity
important

Announcement ID: SUSE-SU-2014:0967-1
Rating: important
