drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Apache
Name: |
Mehrere Probleme in Apache |
|
ID: |
201710-32 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mo, 30. Oktober 2017, 07:45 |
|
Referenzen: |
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169 |
|
Applikationen: |
Apache |
|
Originalnachricht |
--nextPart5124847.CblVEgUT7Q Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201710-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: Apache: Multiple vulnerabilities Date: October 29, 2017 Bugs: #622240, #624868, #631308 ID: 201710-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets.
Background ==========
The Apache HTTP server is one of the most popular web servers on the Internet.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.4.27-r1 >= 2.4.27-r1
Description ===========
Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details.
Impact ======
The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets. Additionally attackers may cause a Denial of Service condition, bypass authentication, or cause information loss.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Apache users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.27-r1"
References ==========
[ 1 ] CVE-2017-3167 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167 [ 2 ] CVE-2017-3169 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169 [ 3 ] CVE-2017-7659 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659 [ 4 ] CVE-2017-7668 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668 [ 5 ] CVE-2017-7679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679 [ 6 ] CVE-2017-9788 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788 [ 7 ] CVE-2017-9789 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789 [ 8 ] CVE-2017-9798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-32
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 --nextPart5124847.CblVEgUT7Q Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAln2XpoACgkQpRQw84X1 dt0+9Qf/S2FL4PbP1b1N6cagvGHw3jxvyNoIR3DZafZkeesVSvynXF4dX3NfvoOD pckN82UVV1oAkbefeTrKpiRo/FVe2DcOY2Ld7lEKwXRGaU7toHjY0biYxpwAmXiW A5Mfnew3Gia5vLvhvhgpw5Eg45lb3xA82RnlZTuU8kS8azvcmpd0IenG31fcIcii cE4qm+HB0hhfZSivGhKa4pkkwhCFyWcsM3zEPsv8gpxcqQnZ3IhL7WsIkULRCQOp YAdiG8hdBXGFql8jqpC+U7AhlO9ZtDowfWn1k+SBVidXPWQsWFYofeBeemvWwPOY oKpizLS3mkLGy4WYBxdqY8lzFyroTQ== =0ZZo -----END PGP SIGNATURE-----
--nextPart5124847.CblVEgUT7Q--
|
|
|
|