LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

March 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA March 2015

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Low: httpd on SL7.x x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 25 Mar 2015 15:18:21 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (75 lines)

Synopsis:          Low: httpd security, bug fix, and enhancement update
Advisory ID:       SLSA-2015:0325-2
Issue Date:        2015-03-05
CVE Numbers:       CVE-2013-5704
                   CVE-2014-3581
--

A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could use
Trailer headers to set additional HTTP headers after header processing was
performed by other modules. This could, for example, lead to a bypass of
header restrictions defined with mod_headers. (CVE-2013-5704)

A NULL pointer dereference flaw was found in the way the mod_cache httpd
module handled Content-Type headers. A malicious HTTP server could cause
the httpd child process to crash when the Apache HTTP server was
configured to proxy to a server with caching enabled. (CVE-2014-3581)

This update also fixes the following bugs:

* Previously, the mod_proxy_fcgi Apache module always kept the back-end
connections open even when they should have been closed. As a consequence,
the number of open file descriptors was increasing over the time. With
this update, mod_proxy_fcgi has been fixed to check the state of the back-
end connections, and it closes the idle back-end connections as expected.

* An integer overflow occurred in the ab utility when a large request
count was used. Consequently, ab terminated unexpectedly with a
segmentation fault while printing statistics after the benchmark. This bug
has been fixed, and ab no longer crashes in this scenario.

* Previously, when httpd was running in the foreground and the user
pressed Ctrl+C to interrupt the httpd processes, a race condition in
signal handling occurred. The SIGINT signal was sent to all children
followed by SIGTERM from the main process, which interrupted the SIGINT
handler. Consequently, the affected processes became unresponsive or
terminated unexpectedly. With this update, the SIGINT signals in the child
processes are ignored, and httpd no longer hangs or crashes in this
scenario.

In addition, this update adds the following enhancements:

* With this update, the mod_proxy module of the Apache HTTP Server
supports the Unix Domain Sockets (UDS). This allows mod_proxy back ends to
listen on UDS sockets instead of TCP sockets, and as a result, mod_proxy
can be used to connect UDS back ends.

* This update adds support for using the SetHandler directive together
with the mod_proxy module. As a result, it is possible to configure
SetHandler to use proxy for incoming requests, for example, in the
following format: SetHandler "proxy:fcgi://127.0.0.1:9000".

* The htaccess API changes introduced in httpd 2.4.7 have been backported
to httpd shipped with Scientific Linux 7.1. These changes allow for the
MPM-ITK module to be compiled as an httpd module.

After installing the updated packages, the httpd daemon will be restarted
automatically.
--

SL7
  x86_64
    httpd-2.4.6-31.sl7.x86_64.rpm
    httpd-debuginfo-2.4.6-31.sl7.x86_64.rpm
    httpd-devel-2.4.6-31.sl7.x86_64.rpm
    httpd-tools-2.4.6-31.sl7.x86_64.rpm
    mod_ldap-2.4.6-31.sl7.x86_64.rpm
    mod_proxy_html-2.4.6-31.sl7.x86_64.rpm
    mod_session-2.4.6-31.sl7.x86_64.rpm
    mod_ssl-2.4.6-31.sl7.x86_64.rpm
  noarch
    httpd-manual-2.4.6-31.sl7.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV