drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Apache
Name: |
Mehrere Probleme in Apache |
|
ID: |
USN-2299-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
|
Datum: |
Do, 24. Juli 2014, 08:52 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231 |
|
Applikationen: |
Apache |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============7247308764830556105== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="CnNnv2x3XS3Ov5BON3Mi64EOM5voHjJM2"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --CnNnv2x3XS3Ov5BON3Mi64EOM5voHjJM2 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2299-1 July 23, 2014
apache2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description: - apache2: Apache HTTP server
Details:
Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117)
Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. (CVE-2014-0118)
Marek Kroemeke and others discovered that the mod_status module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service, or possibly execute arbitrary code. (CVE-2014-0226)
Rainer Jung discovered that the mod_cgid module incorrectly handled certain scripts. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. (CVE-2014-0231)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: apache2-bin 2.4.7-1ubuntu4.1
Ubuntu 12.04 LTS: apache2.2-bin 2.2.22-1ubuntu1.7
Ubuntu 10.04 LTS: apache2.2-bin 2.2.14-5ubuntu8.14
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2299-1 CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
Package Information: https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.1 https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.7 https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.14
--CnNnv2x3XS3Ov5BON3Mi64EOM5voHjJM2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJT0BsaAAoJEGVp2FWnRL6TlV0QAIDzst+P9Lt3UkO4c2qanXQY pKpDJCexu0M5yQh/tdWepbqrPFNrqCCSLIJbD+rh/MPL789D+7moM0/L7wlNAbg/ 3o0ogGgfKj3quteNgZPP+iXe+1ADTwZk5iNZvoGLacksBbfaKug0RMMiCacefE+Z YKr8/iirfXjEmSd3685RvxuJBT1M0XcZ91Lzj2PC5YQ6tx9+gg4muI6ketwZRv81 Bb8DQZ6qO+L15qk5V5SMekpoz0nihB50o+MAbZ10SXG0cA/w5NedPKvDFCyhJdbu s8h92CDCEKT+hbM28elpwQukive1esWwOwipVjX2+z2bhZydwrOjR5vBcZz+hFnJ hwqGs/N53cS4LaQ5b56/83qGBM8ReBTd0s6ytOHhMigZ6pbXuB0y/muUzQdcOvL6 Sj787I92odAaVFe5lxx9feFDiBh2AuxOZi57G1sCuS2V3+so7Fe74lkP3YKazwFh Kzdqi9/qDijRcM8WemC8ag5XURbkf5v89mEsV1mesZQzxlh7gFSWz6fUM9mjJkOr Q01HpgpRKYGEx+7sRYPidREa7g9OTtZtiUhp2ziM49Z+xi9fOsYbbogd8nxkJfiu 9NikvFBmsk/ExPmEztN0VCZYh9EHTtrgYckX+aMUMLRLyrPliATzIwLG5Awq5oA2 aAeHZeGRHTY96isGuMYZ =Hlms -----END PGP SIGNATURE-----
--CnNnv2x3XS3Ov5BON3Mi64EOM5voHjJM2--
--===============7247308764830556105== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7247308764830556105==--
|
|
|
|