SuSE: New apache2 packages fix security issues

This update fixes several security issues in the Apache2 webserver. The severe ByteRange remote denial of service attack was fixed, and configuration options used by upstream were added. A new MaxRanges option sets the number of ranges that may be requested; if it is exceeded, the complete content is served. Two fnmatch denial of service attacks that could exhaust the server's memory were fixed. Another memory leak was fixed that could exhaust httpd server memory via unspecified methods. This update also includes a fix for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1229-1
Rating:             important
References:         #713966 #718106 #719236 #722545 
Cross-References:   CVE-2011-3192
Affected Products:
                   SUSE Linux Enterprise Server 10 SP3
______________________________________________________________________________

  An update that solves one vulnerability and has three fixes
  is now available.

Description:


  This update fixes several security issues in the Apache2
  webserver.

  * The severe ByteRange remote denial of service attack
    (CVE-2011-3192) was fixed, and configuration options used
    by upstream were added.

    Introduce new config option: Allow MaxRanges
    Number of ranges requested; if exceeded, the complete
    content is served.

      default:      200
      0|unlimited:  unlimited
      none:         Range headers are ignored

    This option is a backport from 2.2.21.

  * CVE-2011-0419, CVE-2011-1928: Two fnmatch denial of
    service attacks were fixed that could exhaust the server's
    memory.

  * CVE-2010-1623: Another memory leak was fixed that
    could exhaust httpd server memory via unspecified methods.

  * CVE-2011-3368: This update also includes a fix
    for a mod_proxy reverse exposure via RewriteRule or
    ProxyPassMatch directives.
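
The MaxRanges rule described above, modelled as an added example (not SUSE's or Apache's code): it counts the ranges in a Range header and applies the settings the advisory lists. Function names and sample headers are constructed for illustration; accepting `default` as a keyword follows the upstream 2.2.21 directive syntax.

```python
# Added example: a simplified model of the MaxRanges rule, not Apache's code.
DEFAULT_MAX_RANGES = 200  # default value stated in the advisory


def count_ranges(range_header):
    """Count the range specs in a Range header value; 0 if it is not a bytes range."""
    unit, sep, specs = range_header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return 0
    return sum(1 for spec in specs.split(",") if spec.strip())


def parse_max_ranges(setting):
    """Return (honour_range_headers, limit); a limit of None means unlimited."""
    value = str(setting).strip().lower()
    if value == "none":
        return False, None
    if value in ("0", "unlimited"):
        return True, None
    if value == "default":
        return True, DEFAULT_MAX_RANGES
    limit = int(value)  # raises ValueError on anything else
    if limit < 0:
        raise ValueError("MaxRanges must not be negative")
    return True, limit


def decide(range_header, setting="default"):
    """Return 'partial' if the ranges would be honoured, else 'full' (whole content)."""
    honour, limit = parse_max_ranges(setting)
    if not honour or not range_header:
        return "full"
    n = count_ranges(range_header)
    if n == 0 or (limit is not None and n > limit):
        return "full"
    return "partial"


def over_limit(headers, setting="default"):
    """Triage helper: indexes and range counts of headers that exceed the limit."""
    _, limit = parse_max_ranges(setting)
    if limit is None:
        return []
    counts = ((i, count_ranges(h)) for i, h in enumerate(headers))
    return [(i, n) for i, n in counts if n > limit]


# Constructed sample Range header values (not taken from the advisory).
SAMPLE_HEADERS = ["bytes=0-1023", "bytes=0-99,200-299", "bytes=" + ",".join(["0-0"] * 201)]
```

Running `over_limit` over Range header values collected from request logs shows which clients would have been served the complete content under a given MaxRanges setting.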

  Security Issue references:

  * CVE-2011-3192
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192>


Indications:

  Please install this update.


Package List:

  - SUSE Linux Enterprise Server 10 SP3 (i586 s390x x86_64):

     apache2-2.2.3-16.32.37.1
     apache2-devel-2.2.3-16.32.37.1
     apache2-doc-2.2.3-16.32.37.1
     apache2-example-pages-2.2.3-16.32.37.1
     apache2-prefork-2.2.3-16.32.37.1
     apache2-worker-2.2.3-16.32.37.1


References:

  http://support.novell.com/security/cve/CVE-2011-3192.html
  https://bugzilla.novell.com/713966
  https://bugzilla.novell.com/718106
  https://bugzilla.novell.com/719236
  https://bugzilla.novell.com/722545
  http://download.novell.com/patch/finder/?keywords=93f3f0fb2aeae6252ba07a3f17184bb0