Security: Two problems in httpd
Name: Two problems in httpd
ID: TLSA-2009-21
Distribution: TurboLinux
Platforms: Turbolinux Client 2008, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition
Date: Wed, 15 July 2009, 03:50
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
Applications: Apache

Original message
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-21
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 14 Jul 2009
Last revised: 14 Jul 2009
Package: httpd
Summary: Two vulnerabilities exist in Apache
More information: Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet.
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. (CVE-2009-1890)
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). (CVE-2009-1891)
Affected Products:
- Turbolinux Client 2008
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
<Turbolinux Client 2008>
Source Packages Size: MD5
httpd-2.2.6-13.src.rpm 4780085 4c1b58f85493c04a58fa59acbdea36b5
Binary Packages Size: MD5
httpd-2.2.6-13.i586.rpm 1233333 5047806fa3ef4e435de8f9d3335d10e1
httpd-devel-2.2.6-13.i586.rpm 148954 8183c2644bf132e768aed5be8b4598c3
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages Size: MD5
httpd-2.2.6-13.src.rpm 4789364 66de8dd0c4188d445fe939f39dbf9ad5
Binary Packages Size: MD5
httpd-2.2.6-13.x86_64.rpm 1250671 d3cdd4a77a577f618af67e48aca71325
httpd-manual-2.2.6-13.x86_64.rpm 859120 e9c7a5c39beaa9e8fd4d0a67085b4710
httpd-rootsrv-2.2.6-13.x86_64.rpm 229036 6a9394729487a1300f0220ec87fc9ba9
mod_ssl-2.2.6-13.x86_64.rpm 90024 53ae30f66575c251f8933af45aa2b051
<Turbolinux Appliance Server 3.0>
Source Packages Size: MD5
httpd-2.2.6-13.src.rpm 4789364 66de8dd0c4188d445fe939f39dbf9ad5
Binary Packages Size: MD5
httpd-2.2.6-13.i686.rpm 1176319 6a61f78a5a13e2e76f0e3b891c207e9b
httpd-manual-2.2.6-13.i686.rpm 859874 239d6246e7e10965ced00d0fc60790c6
httpd-rootsrv-2.2.6-13.i686.rpm 216631 67bfa5cfe5562ce838456ef88580c415
mod_ssl-2.2.6-13.i686.rpm 85628 ab3c1de4132ac089c5f1a3fa22fabd32
<Turbolinux 11 Server x64 Edition>
Source Packages Size: MD5
httpd-2.2.6-13.src.rpm 4789364 66de8dd0c4188d445fe939f39dbf9ad5
Binary Packages Size: MD5
httpd-2.2.6-13.x86_64.rpm 1250671 d3cdd4a77a577f618af67e48aca71325
httpd-devel-2.2.6-13.x86_64.rpm 153912 3538ff11c0bb049c388d7824b033c899
httpd-manual-2.2.6-13.x86_64.rpm 859120 e9c7a5c39beaa9e8fd4d0a67085b4710
mod_ssl-2.2.6-13.x86_64.rpm 90024 53ae30f66575c251f8933af45aa2b051
<Turbolinux 11 Server>
Source Packages Size: MD5
httpd-2.2.6-13.src.rpm 4789364 66de8dd0c4188d445fe939f39dbf9ad5
Binary Packages Size: MD5
httpd-2.2.6-13.i686.rpm 1176319 6a61f78a5a13e2e76f0e3b891c207e9b
httpd-devel-2.2.6-13.i686.rpm 153384 86b3458ff793c1cb0c479e3f90e86b62
httpd-manual-2.2.6-13.i686.rpm 859874 239d6246e7e10965ced00d0fc60790c6
mod_ssl-2.2.6-13.i686.rpm 85628 ab3c1de4132ac089c5f1a3fa22fabd32
References:
CVE
[CVE-2009-1890] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
[CVE-2009-1891] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
--------------------------------------------------------------------------
Revision History
14 Jul 2009 Initial release
--------------------------------------------------------------------------
Copyright(C) 2009 Turbolinux, Inc. All rights reserved.