Security: Multiple issues in Apache
Name: Multiple issues in Apache
ID: USN-1368-1
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Date: Thu, 16 February 2012, 22:33
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
Applications: Apache

Original message
==========================================================================
Ubuntu Security Notice USN-1368-1
February 16, 2012

apache2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server.
Software Description:
- apache2: Apache HTTP server
Details:
It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. (CVE-2011-3607)
Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. (CVE-2011-4317)
Rainer Canavan discovered that the mod_log_config module incorrectly handled a certain format string when used with a threaded MPM. A remote attacker could exploit this to cause a denial of service via a specially-crafted cookie. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2012-0021)
It was discovered that the Apache HTTP Server incorrectly handled certain type fields within a scoreboard shared memory segment. A local attacker could exploit this to cause a denial of service. (CVE-2012-0031)
Norman Hippert discovered that the Apache HTTP Server incorrectly handled header information when returning a Bad Request (400) error page. A remote attacker could exploit this to obtain the values of certain HTTPOnly cookies. (CVE-2012-0053)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: apache2.2-common 2.2.20-1ubuntu1.2
Ubuntu 11.04: apache2.2-common 2.2.17-1ubuntu1.5
Ubuntu 10.10: apache2.2-common 2.2.16-1ubuntu3.5
Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.8
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.23
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1368-1
CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.2
https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.5
https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.5
https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.8
https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.23