Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in Apache
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in Apache
ID: DSA-3913-1
Distribution: Debian
Plattformen: Debian sid, Debian jessie, Debian stretch
Datum: Di, 18. Juli 2017, 22:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788
Applikationen: Apache

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3913-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2017-9788
Debian Bug : 868467

Robert Swiecki reported that mod_auth_digest does not properly
initialize or reset the value placeholder in [Proxy-]Authorization
headers of type 'Digest' between successive key=value assignments,
leading to information disclosure or denial of service.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.4.10-10+deb8u10.

For the stable distribution (stretch), this problem has been fixed in
version 2.4.25-3+deb9u2.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.27-1.

We recommend that you upgrade your apache2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllubdFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SZwg//enifOmkmoMzdFfJR2mGsJJGwUNR2MaLs28qvnDo7PsTVni1OcU/kohnM
cYyP0RWZcaZq3rWMLnKArU6gir0xAdRhIiyKR6F+uui1QBpKuMZyEON9c90U4u6T
6KsL4tXQ0EFwA8F/V7vladPqqnwlmXQ3GgadznWdJPQKcfbG1yWKtJEaxg69xqDO
BXSwQmF5t7rvG1eGVSP8xGiBqeKu7TbTDI7k0SucDHpvCPRU6KRu3s7GcELShQEx
n30rf3UdKJdYMtv+TGfxIKXqX+5/yBz5WPRkaGPJP7UOXFBTG1VnEku315l84tUA
JjMJ44vHzqYQ7mva0abKYdHOyDoERbfvd6etlGPkunrnPPcTnM5AQGOKoZAC6LQ1
vGFmaH9V/LhGO9LI2eTAapGHNhQIQRkCMDZXUQ/O/llOIFuQOz0m1++Q6zOMr+j7
KtoJtcy8kuG70hDWL35VwbDrtt8wdXkh6IJp9RNgzVu0p9KqpKD2zhBwsCDZVF1h
3QYPwpbeQYpo1XCCxbLv4REFhZZviBYfZwNcNwRSbKAf0tyqttRw51W6iaWNVUdA
LuWMxJmSGeW2WPlHa6ojgkRQaEccGzAL8se6q/1NWnuczEVKFMQ4nNvclho0ZfAQ
2Ixvp2a9FkOqkmdJQnIkpxcDC4Pz36WwslLQVM1ESaRxhMsD9IA=
=bTmY
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung