 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Thu, 12 Nov 2009 14:58:35 -0600 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Moderate: httpd security update
Issue date: 2009-11-11
CVE Names: CVE-2009-1891 CVE-2009-3094 CVE-2009-3095
CVE-2009-3555
CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by
crafted EPSV and PASV reply
CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via
Authorization HTTP header
CVE-2009-3555 TLS: MITM attacks via session renegotiation
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A
man-in-the-middle attacker could use this flaw to prefix arbitrary plain
text to a client's session (for example, an HTTPS connection to a
website). This could force the server to process an attacker's request
as if authenticated using the victim's credentials. This update
partially mitigates this flaw for SSL sessions to HTTP servers using
mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a
server-initiated renegotiation. Refer to the following Knowledgebase
article for further information: http://kbase.redhat.com/faq/docs/DOC-20491
A denial of service flaw was found in the Apache mod_deflate module.
This module continued to compress large files until compression was
complete, even if the network connection that requested the content was
closed before compression completed. This would cause mod_deflate to
consume large amounts of CPU if mod_deflate was enabled for a large
file. (CVE-2009-1891) - SL4 only
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to
the EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands
to the FTP server. (CVE-2009-3095)
After installing the updated packages, the httpd daemon must be
restarted for the update to take effect.
SL 3.0.x
SRPMS:
httpd-2.0.46-77.sl3.src.rpm
i386:
httpd-2.0.46-77.sl3.i386.rpm
httpd-devel-2.0.46-77.sl3.i386.rpm
mod_ssl-2.0.46-77.sl3.i386.rpm
x86_64:
httpd-2.0.46-77.sl3.x86_64.rpm
httpd-devel-2.0.46-77.sl3.x86_64.rpm
mod_ssl-2.0.46-77.sl3.x86_64.rpm
SL 4.x
SRPMS:
httpd-2.0.52-41.sl4.6.src.rpm
i386:
httpd-2.0.52-41.sl4.6.i386.rpm
httpd-devel-2.0.52-41.sl4.6.i386.rpm
httpd-manual-2.0.52-41.sl4.6.i386.rpm
httpd-suexec-2.0.52-41.sl4.6.i386.rpm
mod_ssl-2.0.52-41.sl4.6.i386.rpm
x86_64:
httpd-2.0.52-41.sl4.6.x86_64.rpm
httpd-devel-2.0.52-41.sl4.6.x86_64.rpm
httpd-manual-2.0.52-41.sl4.6.x86_64.rpm
httpd-suexec-2.0.52-41.sl4.6.x86_64.rpm
mod_ssl-2.0.52-41.sl4.6.x86_64.rpm
SL 5.x
SRPMS:
httpd-2.2.3-31.sl5.2.src.rpm
i386:
httpd-2.2.3-31.sl5.2.i386.rpm
httpd-devel-2.2.3-31.sl5.2.i386.rpm
httpd-manual-2.2.3-31.sl5.2.i386.rpm
mod_ssl-2.2.3-31.sl5.2.i386.rpm
x86_64:
httpd-2.2.3-31.sl5.2.x86_64.rpm
httpd-devel-2.2.3-31.sl5.2.i386.rpm
httpd-devel-2.2.3-31.sl5.2.x86_64.rpm
httpd-manual-2.2.3-31.sl5.2.x86_64.rpm
mod_ssl-2.2.3-31.sl5.2.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
