SCIENTIFIC-LINUX-ERRATA Archives

October 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: httpd on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 19 Oct 2017 16:02:18 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (41 lines) 
Synopsis:          Moderate: httpd security update

Advisory ID:       SLSA-2017:2972-1

Issue Date:        2017-10-19

CVE Numbers:       CVE-2017-9798

                   CVE-2017-12171

--



Security Fix(es):



* A use-after-free flaw was found in the way httpd handled invalid and

previously unregistered HTTP methods specified in the Limit directive used

in an .htaccess file. A remote attacker could possibly use this flaw to

disclose portions of the server memory, or cause httpd child process to

crash. (CVE-2017-9798)



* A regression was found in the Scientific Linux 6.9 version of httpd,

causing comments in the "Allow" and "Deny" configuration lines to be

parsed incorrectly. A web administrator could unintentionally allow any

client to access a restricted HTTP resource. (CVE-2017-12171)

--



SL6

  x86_64

    httpd-2.2.15-60.el6_9.6.x86_64.rpm

    httpd-debuginfo-2.2.15-60.el6_9.6.x86_64.rpm

    httpd-tools-2.2.15-60.el6_9.6.x86_64.rpm

    httpd-debuginfo-2.2.15-60.el6_9.6.i686.rpm

    httpd-devel-2.2.15-60.el6_9.6.i686.rpm

    httpd-devel-2.2.15-60.el6_9.6.x86_64.rpm

    mod_ssl-2.2.15-60.el6_9.6.x86_64.rpm

  i386

    httpd-2.2.15-60.el6_9.6.i686.rpm

    httpd-debuginfo-2.2.15-60.el6_9.6.i686.rpm

    httpd-tools-2.2.15-60.el6_9.6.i686.rpm

    httpd-devel-2.2.15-60.el6_9.6.i686.rpm

    mod_ssl-2.2.15-60.el6_9.6.i686.rpm

  noarch

    httpd-manual-2.2.15-60.el6_9.6.noarch.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2