
Security: Denial of Service in Apache2
Name: Denial of Service in Apache2
ID: SUSE-SU-2011:1216-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Server 10 SP2
Date: Fri, 4 November 2011, 14:40
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Applications: Apache

Original message

   SUSE Security Update: Security update for Apache 2
______________________________________________________________________________

Announcement ID: SUSE-SU-2011:1216-1
Rating: important
References: #555098 #627030 #661597 #663359 #690734 #713966

Cross-References: CVE-2011-3192
Affected Products:
SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________

An update that solves one vulnerability and has 5 fixes is
now available.

Description:


This update fixes a remote denial of service bug (memory
exhaustion) in the Apache 2 HTTP server that could be
triggered by remote attackers using multiple overlapping
Request Ranges. (CVE-2011-3192)

The fix introduces a new config option: Allow MaxRanges

  Number of ranges requested; if exceeded, the complete
  content is served.

    default:      200
    0|unlimited:  unlimited
    none:         Range headers are ignored.

(This option is a backport from 2.2.21.)
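
The MaxRanges values listed above, applied to a request's Range header, as an added Python example (not Apache or SUSE code). The function names, the simplified handling of malformed or unsatisfiable ranges, and the sample header are assumptions made for illustration.

```python
import re

DEFAULT_MAX_RANGES = 200                     # default stated in the advisory
_SPEC = re.compile(r"^(\d*)-(\d*)$")         # first-last, first-, or -suffix

def parse_ranges(header, size):
    """Parse a 'bytes=' Range header into [(start, end)]; None if unusable."""
    unit, _, specs = header.partition("=")
    if unit.strip().lower() != "bytes":
        return None
    out = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.group(0) == "-":
            return None                      # malformed header
        first, last = m.groups()
        if first == "":                      # suffix form: last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:                     # skip unsatisfiable specs
            out.append((start, end))
    return out or None

def has_overlap(ranges):
    """True if any two ranges share a byte (the pattern the advisory names)."""
    ordered = sorted(ranges)
    return any(b[0] <= a[1] for a, b in zip(ordered, ordered[1:]))

def decide(header, size, max_ranges="default"):
    """Return 'full' or 'partial' per the MaxRanges values in the advisory."""
    if max_ranges == "none":                 # none: Range headers are ignored
        return "full"
    if parse_ranges(header, size) is None:   # simplification: no 416 handling
        return "full"
    if max_ranges in ("unlimited", 0, "0"):  # 0|unlimited: no limit
        return "partial"
    limit = DEFAULT_MAX_RANGES if max_ranges == "default" else int(max_ranges)
    requested = header.count(",") + 1        # number of ranges requested
    return "full" if requested > limit else "partial"

if __name__ == "__main__":
    sample = "bytes=0-99,50-149,900-"        # constructed sample header
    print(has_overlap(parse_ranges(sample, 1000)), decide(sample, 1000, 2))
```
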

It also fixes a minor security issue in the mod_cache
modules in the Apache HTTP Server that allowed remote
attackers to cause a denial of service (process crash) via
a request that lacks a path. (CVE-2010-1452)

It also fixes some non-security bugs:

- Take the LimitRequestFieldsize config option into account
  when parsing headers from the backend, so that the
  receiving buffers are not too small. bnc#690734
- Add / when on a directory to feed correctly linked
  listings. bnc#661597
- a2enmod shall not disable a module in query mode.
  bnc#663359
- New option SSLRenegBufferSize fixes the
  "413 Request Entity Too Large" problem.
- Fixes graceful restart hangs. bnc#555098

Security Issues:

* CVE-2011-3192
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192>

Indications:

Please install this update.


Package List:

- SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64):

apache2-2.2.3-16.25.40
apache2-devel-2.2.3-16.25.40
apache2-doc-2.2.3-16.25.40
apache2-example-pages-2.2.3-16.25.40
apache2-prefork-2.2.3-16.25.40
apache2-worker-2.2.3-16.25.40


References:

http://support.novell.com/security/cve/CVE-2011-3192.html
https://bugzilla.novell.com/555098
https://bugzilla.novell.com/627030
https://bugzilla.novell.com/661597
https://bugzilla.novell.com/663359
https://bugzilla.novell.com/690734
https://bugzilla.novell.com/713966