Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in httpd
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in httpd
ID: TLSA-2008-24
Distribution: TurboLinux
Plattformen: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Multimedia, Turbolinux Personal
Datum: Fr, 27. Juni 2008, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
Applikationen: Apache

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-24
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 26 Jun 2008
Last revised: 26 Jun 2008

Package: httpd

Summary: Three vulnerabilities discovered in httpd

More information:
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method
specifier header from an HTTP request when it is reflected back in a
"413 Request Entity Too Large" error message, which might allow
cross-site
scripting (XSS) style attacks using web client components that can send
arbitrary headers in requests, as demonstrated via an HTTP request
containing an invalid Content-length value, a similar issue to
CVE-2006-3918. (CVE-2007-6203)

Cross-site request forgery (CSRF) vulnerability in the balancer-manager
in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers
to gain privileges via unpsecified vectors. (CVE-2007-6420)

The ap_proxy_http_process_response function in mod_proxy_http.c in
the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does
not limit the number of forwarded interim responses, which allows
remote HTTP servers to cause a denial of service (memory consumption)
via a large number of interim responses. (CVE-2008-2364)

Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal


<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

httpd-2.2.6-9.src.rpm
4776004 584ac38135b3f578bef176b417711964

Binary Packages
Size: MD5

httpd-2.2.6-9.x86_64.rpm
1249436 21ba76f58de3398b4fbd9f8294449c95
httpd-manual-2.2.6-9.x86_64.rpm
857741 b6c197af9e08e9c2357558ebbe22cd77
httpd-rootsrv-2.2.6-9.x86_64.rpm
229916 1aaee979dd2031b86a3e7eced2fbce8b
mod_ssl-2.2.6-9.x86_64.rpm
89766 c7005c4a783c8b6ff310bc14ffcd3109

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

httpd-2.2.6-9.src.rpm
4776004 584ac38135b3f578bef176b417711964

Binary Packages
Size: MD5

httpd-2.2.6-9.i686.rpm
1177364 6ca62bf7bb1fbd9a293bb700def872e1
httpd-manual-2.2.6-9.i686.rpm
857993 88cba7e1583462b2ae52fb59da065a57
httpd-rootsrv-2.2.6-9.i686.rpm
216557 a06747f7b5bce1db598db955e85a9a1a
mod_ssl-2.2.6-9.i686.rpm
85465 4cecf1b2c9651b081a853caaec9cf3b3

<Turbolinux 11 Server x64 Edition>

Source Packages
Size: MD5

httpd-2.2.6-9.src.rpm
4776004 289a571639ef5e014d823bdae017a623

Binary Packages
Size: MD5

httpd-2.2.6-9.x86_64.rpm
1249436 21ba76f58de3398b4fbd9f8294449c95
httpd-devel-2.2.6-9.x86_64.rpm
153421 7ae494165bfafbafb99be0f1b2fa682e
httpd-manual-2.2.6-9.x86_64.rpm
857741 b6c197af9e08e9c2357558ebbe22cd77
mod_ssl-2.2.6-9.x86_64.rpm
89766 c7005c4a783c8b6ff310bc14ffcd3109

<Turbolinux 11 Server>

Source Packages
Size: MD5

httpd-2.2.6-9.src.rpm
4776004 584ac38135b3f578bef176b417711964

Binary Packages
Size: MD5

httpd-2.2.6-9.i686.rpm
1177364 6ca62bf7bb1fbd9a293bb700def872e1
httpd-devel-2.2.6-9.i686.rpm
153234 56f6d4a25e897beadf37b1f8a4446c8d
httpd-manual-2.2.6-9.i686.rpm
857993 88cba7e1583462b2ae52fb59da065a57
mod_ssl-2.2.6-9.i686.rpm
85465 4cecf1b2c9651b081a853caaec9cf3b3

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

httpd-2.0.51-36.src.rpm
6859400 1327a3e5ed656d01a43dbeb5d809cace

Binary Packages
Size: MD5

httpd-2.0.51-36.i586.rpm
1033720 7faee60429dc5e5969ebae5e71a2553f
httpd-devel-2.0.51-36.i586.rpm
225617 9b2c83beec43c658e7ec12995a2b62fa
httpd-manual-2.0.51-36.i586.rpm
1133748 72eceeb85cfac27e0819a7e041b82439
mod_bwshare-2.0.51-36.i586.rpm
41737 bcbf5e712abb509c7525ba4c708f4ce9
mod_ssl-2.0.51-36.i586.rpm
89718 f5a1792fa8a4747b11ccebb19d2b3a7d

<Turbolinux FUJI>

Source Packages
Size: MD5

httpd-2.0.54-22.src.rpm
7625404 a1ad6906d0a48bacf5e087adc22dd9f4

Binary Packages
Size: MD5

httpd-2.0.54-22.i686.rpm
1266332 5f1a626eadb2e3ff87cdd868b747d08e
httpd-devel-2.0.54-22.i686.rpm
277405 07cc9383ccc06f67d76df7532f1f1030

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

httpd-2.0.51-36.src.rpm
6859400 e42a95fcebc5b5d95dfca9391ca550df

Binary Packages
Size: MD5

httpd-2.0.51-36.x86_64.rpm
1144122 7bc2e773074df289ca2c952536416599
httpd-debug-2.0.51-36.x86_64.rpm
3535652 98c4ac88f18ce7c4d18cfe63d5bf6e7f
httpd-devel-2.0.51-36.x86_64.rpm
225573 384a1a2afdc9792ed1ec2e30fda96c65
httpd-manual-2.0.51-36.x86_64.rpm
1133207 807db1eacf903654dae4090fd121f9aa
mod_bwshare-2.0.51-36.x86_64.rpm
42491 8607afe04c4554d7ffb302e0b23e2a4a
mod_ssl-2.0.51-36.x86_64.rpm
97321 3dda6c1ebdf3a98649ccd92b97000892

<Turbolinux 10 Server>

Source Packages
Size: MD5

httpd-2.0.51-36.src.rpm
6859400 1327a3e5ed656d01a43dbeb5d809cace

Binary Packages
Size: MD5

httpd-2.0.51-36.i586.rpm
1033720 7faee60429dc5e5969ebae5e71a2553f
httpd-debug-2.0.51-36.i586.rpm
3542192 af25e22a05516cd8987c777c5691ed4a
httpd-devel-2.0.51-36.i586.rpm
225617 9b2c83beec43c658e7ec12995a2b62fa
httpd-manual-2.0.51-36.i586.rpm
1133748 72eceeb85cfac27e0819a7e041b82439
mod_bwshare-2.0.51-36.i586.rpm
41737 bcbf5e712abb509c7525ba4c708f4ce9
mod_ssl-2.0.51-36.i586.rpm
89718 f5a1792fa8a4747b11ccebb19d2b3a7d

<Turbolinux Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

httpd-2.0.48-24.src.rpm
6327664 eeab3dea6afed3521f4618bbfaa33f1a

Binary Packages
Size: MD5

httpd-2.0.48-24.i586.rpm
893140 814c5a293746a9bcfdb391fdf5da8263


References:

CVE
[CVE-2007-6203]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
[CVE-2007-6420]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420
[CVE-2008-2364]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364

--------------------------------------------------------------------------
Revision History
26 Jun 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhjYKsACgkQK0LzjOqIJMyBaQCfYIKWFiSRr1FAcNVfz/mZnaXr
k1EAoJXtjiNvhkJtvCHJ/uz5fN6QzrRq
=QWRx
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung