drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in mod_perl
Name: |
Denial of Service in mod_perl |
|
ID: |
RHSA-2007:0396-02 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Application Stack |
|
Datum: |
Mi, 20. Juni 2007, 16:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349 |
|
Applikationen: |
mod_perl |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Low: mod_perl security update Advisory ID: RHSA-2007:0396-02 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0396.html Issue date: 2007-06-20 Updated on: 2007-06-20 Product: Red Hat Application Stack CVE Names: CVE-2007-1349 - ---------------------------------------------------------------------
1. Summary:
Updated mod_perl packages that fix a security issue are now available for Red Hat Application Stack.
This update has been rated as having low security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64 Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64
3. Problem description:
Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code.
An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. If a server implemented a mod_perl registry module using this method, a remote attacker requesting a carefully crafted URI can cause resource consumption, which could lead to a denial of service (CVE-2007-1349).
Users of mod_perl should update to these erratum packages which contain a backported fix to correct this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
240423 - CVE-2007-1349 mod_perl PerlRun denial of service
6. RPMs required:
Red Hat Application Stack v1 for Enterprise Linux AS (v.4):
SRPMS: mod_perl-2.0.3-1.el4s1.3.src.rpm 71ce8c451f23f952b398a60613d27452 mod_perl-2.0.3-1.el4s1.3.src.rpm
i386: 071559439ac99e4e890b188b7bc3af34 mod_perl-2.0.3-1.el4s1.3.i386.rpm 01a1c66651d67919cfaed482354e9baa mod_perl-debuginfo-2.0.3-1.el4s1.3.i386.rpm 55b67c6346ce43bf7d06379fc5ec1341 mod_perl-devel-2.0.3-1.el4s1.3.i386.rpm
x86_64: 376a4d9530a5efcd9341abaca2ee9fef mod_perl-2.0.3-1.el4s1.3.x86_64.rpm b04f7455c08e335141fb8116c4db7a75 mod_perl-debuginfo-2.0.3-1.el4s1.3.x86_64.rpm eb4b8b127d93beb3214a59b4de25f251 mod_perl-devel-2.0.3-1.el4s1.3.x86_64.rpm
Red Hat Application Stack v1 for Enterprise Linux ES (v.4):
SRPMS: mod_perl-2.0.3-1.el4s1.3.src.rpm 71ce8c451f23f952b398a60613d27452 mod_perl-2.0.3-1.el4s1.3.src.rpm
i386: 071559439ac99e4e890b188b7bc3af34 mod_perl-2.0.3-1.el4s1.3.i386.rpm 01a1c66651d67919cfaed482354e9baa mod_perl-debuginfo-2.0.3-1.el4s1.3.i386.rpm 55b67c6346ce43bf7d06379fc5ec1341 mod_perl-devel-2.0.3-1.el4s1.3.i386.rpm
x86_64: 376a4d9530a5efcd9341abaca2ee9fef mod_perl-2.0.3-1.el4s1.3.x86_64.rpm b04f7455c08e335141fb8116c4db7a75 mod_perl-debuginfo-2.0.3-1.el4s1.3.x86_64.rpm eb4b8b127d93beb3214a59b4de25f251 mod_perl-devel-2.0.3-1.el4s1.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349 http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGeUBQXlSAg2UNWIIRAm+8AKC3zEJWn9XuWuIRgGXW6htOajoKNACffCji Af5mBHwwmN61tifr5q4gokc= =s5jp -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|