drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in apache und httpd
Name: |
Zwei Probleme in apache und httpd |
|
ID: |
TLSA-2005-81 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Sa, 3. September 2005, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088 |
|
Applikationen: |
Apache, Apache |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2005-81 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 09 Aug 2005 Last revised: 09 Aug 2005
Package: apache, httpd
Summary: Two vulnerabilities discovered in apache
More information: Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet.
- A vulnerability in the manner in which mod_ssl handles CRL could allow remote attackers to cause a denial of service. - The apache, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request.
Impact: These vulerabilities allow remote attackers to cause a denial of service.
Affected Products: - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation
Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Server] # turbopkg or # zabom -u httpd httpd-debug httpd-devel httpd-manual mod_bwshare mod_ssl
[Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal] # turbopkg or # zabom -u httpd
[other] # turbopkg or # zabom update apache apache-devel apache-manual mod_ssl ---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
apache-1.3.27-31.src.rpm 3109373 f3c422c3fd5937e982b055a56b8dfb7f
Binary Packages Size: MD5
apache-1.3.27-31.i586.rpm 502063 9c3237f154eecbbcf843bfab043510d1 apache-devel-1.3.27-31.i586.rpm 94811 7f2ab013abbf2b4f8b897edfe847e877 mod_ssl-2.8.14-31.i586.rpm 182059 8136bef9d07bdef3794733003bd5bbb4
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
apache-1.3.27-31.src.rpm 3109373 6f1b86ceef3c22a2aaf78ff5a0f268b2
Binary Packages Size: MD5
apache-1.3.27-31.i586.rpm 502238 cdc276e4b1b03f0737154a11bc59aca0 apache-devel-1.3.27-31.i586.rpm 94998 d6c336e8d1c20ffda272cdc9bf618288 mod_ssl-2.8.14-31.i586.rpm 182145 c2cdd31b9d6a2a9124e5716250b1bf1b
<Turbolinux 10 Server>
Source Packages Size: MD5
httpd-2.0.51-13.src.rpm 6845674 e0e80d62e9f6b1bb0d7f24c0d264b324
Binary Packages Size: MD5
httpd-2.0.51-13.i586.rpm 1032364 73cd9f215eb7801e46ff8a613cb39c84 httpd-debug-2.0.51-13.i586.rpm 3240709 09c4172f27daa0cd2c8c7e41c84ca3c5 httpd-devel-2.0.51-13.i586.rpm 223780 574b59c43c30b3e0dfd909add88d8e60 httpd-manual-2.0.51-13.i586.rpm 1132138 7b681e4dedd57a8799c561f791000c78 mod_bwshare-2.0.51-13.i586.rpm 39858 21761ba8dd243c6b3a7eb2645d08b628 mod_ssl-2.0.51-13.i586.rpm 87816 78f8dea6f221c5b11b8e6f3028ebc68a
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
httpd-2.0.48-16.src.rpm 6317174 155e20c604e5fc909a5949ab1ec1d699
Binary Packages Size: MD5
httpd-2.0.48-16.i586.rpm 892515 b753dd90453872d154ed3c6389c1aa0f
<Turbolinux 8 Server>
Source Packages Size: MD5
apache-1.3.27-31.src.rpm 3109373 0dd83ad7d7074c99f16d2daffe916608
Binary Packages Size: MD5
apache-1.3.27-31.i586.rpm 503183 0433a84107748e43b2ff841a8728a8a1 apache-devel-1.3.27-31.i586.rpm 94954 5441d2a424dd163eff80a5debdb42be4 apache-manual-1.3.27-31.i586.rpm 850909 383037e0cfe8d07f7463b6930d7a1fce mod_ssl-2.8.14-31.i586.rpm 182224 1976847793c1c706dc3749153b2f73bf
<Turbolinux 8 Workstation>
Source Packages Size: MD5
apache-1.3.27-31.src.rpm 3109373 0e9125ba1ee25bb38cf47eaea08b5f19
Binary Packages Size: MD5
apache-1.3.27-31.i586.rpm 503125 e644eff23a0c14062066825f441a5bc1 apache-devel-1.3.27-31.i586.rpm 95144 e4e230ee2642ac7bada171568a00ed31 apache-manual-1.3.27-31.i586.rpm 851104 6596aef1907079a1f7b867dc5d61c4ef mod_ssl-2.8.14-31.i586.rpm 182128 5961459b0ae85a25f9204fdd5e62f20c
<Turbolinux 7 Server>
Source Packages Size: MD5
apache-1.3.27-31.src.rpm 3109373 ac3fd7f0b4e448afc6a3b31c9286c166
Binary Packages Size: MD5
apache-1.3.27-31.i586.rpm 489948 3c357f8396a98919c5f1cb58df49a40e apache-devel-1.3.27-31.i586.rpm 95166 d3e927c21f0092000bad1d3598cdb3e2 apache-manual-1.3.27-31.i586.rpm 851896 fe50d563c61f31759f61ae99ece5e4c1 mod_ssl-2.8.14-31.i586.rpm 179785 a3935782ffad1be2f624bca280651299
<Turbolinux 7 Workstation>
Source Packages Size: MD5
apache-1.3.27-31.src.rpm 3109373 abb5e45b253f4c089d1bfb17f60c7986
Binary Packages Size: MD5
apache-1.3.27-31.i586.rpm 489706 afc3cc31649c14b74c4591e742733003 apache-devel-1.3.27-31.i586.rpm 95164 88d57c6d8d07cab36b1d8710ea19cd70 apache-manual-1.3.27-31.i586.rpm 851886 5f3add0220a52daad36658de93eafeee mod_ssl-2.8.14-31.i586.rpm 180083 5ff5110a64069eb39c4a28235ac4e626
References:
CVE [CAN-2005-1268] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268 [CAN-2005-2088] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088
-------------------------------------------------------------------------- Revision History 09 Aug 2005 Initial release --------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC+GizK0LzjOqIJMwRAtpgAJ9pjPIIP9KjKCN1umFnA0mh4t142wCfeQnP nYCVuG8YQUIUm01GXChT1DU= =UZ0q -----END PGP SIGNATURE-----
|
|
|
|