drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Apache
Name: |
Mehrere Probleme in Apache |
|
ID: |
USN-3373-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 ESM |
|
Datum: |
Di, 1. August 2017, 00:15 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169 |
|
Applikationen: |
Apache |
|
Originalnachricht |
--===============5557304345953646583== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-d43ekmArnEFrLmhPove9"
--=-d43ekmArnEFrLmhPove9 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3373-1 July 31, 2017
apache2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description: - apache2: Apache HTTP server
Details:
Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167)
Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169)
Javier Jiménez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668)
ChenQin and Hanno Böck discovered that the Apache mod_mime module incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7679)
David Dennerline and Régis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. When being used in combination with a proxy or backend server, a remote attacker could possibly use this issue to perform an injection attack and pollute cache. This update may introduce compatibility issues with clients that do not strictly follow HTTP protocol specifications. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM:  apache2.2-bin                   2.2.22-1ubuntu1.12
In general, a standard system update will make all the necessary changes.
References: Â https://www.ubuntu.com/usn/usn-3373-1 Â CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, Â CVE-2017-7679
--Ý43ekmArnEFrLmhPove9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAABCAAGBQJZf15DAAoJEEW851uECx9pFX8P/iZmzJ3MG0gfNcHcRAFhBjsS y3CixYtNEboWJMZ+xHey1KzGz4lTx+COKbzHzPTVjW2KAX4bvDeYGmyAgOOoVnxw NGVinHEjpaIDwFpdEHR8D7ZsKzsE0dsxw188kqI6EQ3AYbZoRL+X7gGCK7cIfCDy 16vmtHmRnYKIe+IsbEZVDQnbmTrJQs6Lkhww1MoUJsBIFfKcZi3CK1ki1AP5aPt9 miVPONYrJbe3V5Ne4N2jezXywMmtNXVejuNdNAiKoMGTLPlQV0VyIv3t8ACSanKK RiAQCpuF+JlMKc1LhFiFVMRmWXhVE5/r8q/zHiM16EY+HEo5xNKO8M6MkE2fb9Ua Iffpt1T6HL7IZg+dRi1euNXgyd20zb9HdiCuqImscHir1kdumwRJo0/MPOniGn5V DcDDrSVuO5mNR07DghXVymsqDUNKELPu0HW5D/0XivBCna0V+K6nDH6625z+qytk m7RokHA9Q6pEbk3mO7/9M2sWeaSXn0wMe0GeqKIUXNYcb2jM5n78ISysuQZjLrAa exkb66uphgrg2VDVOxFeOPNcRDnSNm1VE+ppGGhYmtQPu9BdtF5zO3UQHauSXoxZ 7E5xj0uoP5yc1SVpRznY2yvIq4iu7Nk28ftp6HjpE9FCnA9NMoLwjTY+uwXWK4K6 jqW9E9FTqO0EMcxmtMeg =wmde -----END PGP SIGNATURE-----
--=-d43ekmArnEFrLmhPove9--
--===============5557304345953646583== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5557304345953646583==--
|
|
|
|