logo
DATABASE RESOURCES PRICING ABOUT US

Important: httpd24, httpd

Description

**Issue Overview:** Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration.(CVE-2017-9798) **Affected Packages:** httpd24, httpd **Issue Correction:** Run _yum update httpd24_ to update your system. Run _yum update httpd_ to update your system. **New Packages:** i686:     httpd-tools-2.2.34-1.15.amzn1.i686     httpd-devel-2.2.34-1.15.amzn1.i686     mod_ssl-2.2.34-1.15.amzn1.i686     httpd-2.2.34-1.15.amzn1.i686     httpd-debuginfo-2.2.34-1.15.amzn1.i686     mod24_proxy_html-2.4.27-3.73.amzn1.i686     mod24_session-2.4.27-3.73.amzn1.i686     httpd24-devel-2.4.27-3.73.amzn1.i686     httpd24-2.4.27-3.73.amzn1.i686     httpd24-debuginfo-2.4.27-3.73.amzn1.i686     httpd24-tools-2.4.27-3.73.amzn1.i686     mod24_ssl-2.4.27-3.73.amzn1.i686     mod24_ldap-2.4.27-3.73.amzn1.i686 noarch:     httpd-manual-2.2.34-1.15.amzn1.noarch     httpd24-manual-2.4.27-3.73.amzn1.noarch src:     httpd-2.2.34-1.15.amzn1.src     httpd24-2.4.27-3.73.amzn1.src x86_64:     httpd-tools-2.2.34-1.15.amzn1.x86_64     httpd-devel-2.2.34-1.15.amzn1.x86_64     httpd-2.2.34-1.15.amzn1.x86_64     mod_ssl-2.2.34-1.15.amzn1.x86_64     httpd-debuginfo-2.2.34-1.15.amzn1.x86_64     mod24_ldap-2.4.27-3.73.amzn1.x86_64     httpd24-debuginfo-2.4.27-3.73.amzn1.x86_64     httpd24-tools-2.4.27-3.73.amzn1.x86_64     mod24_proxy_html-2.4.27-3.73.amzn1.x86_64     httpd24-devel-2.4.27-3.73.amzn1.x86_64     httpd24-2.4.27-3.73.amzn1.x86_64     mod24_ssl-2.4.27-3.73.amzn1.x86_64     mod24_session-2.4.27-3.73.amzn1.x86_64 ### Additional References Red Hat: [CVE-2017-9798](<https://access.redhat.com/security/cve/CVE-2017-9798>) Mitre: [CVE-2017-9798](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798>)


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 1 httpd-tools 2.2.34-1.15.amzn1
Amazon Linux 1 httpd-devel 2.2.34-1.15.amzn1
Amazon Linux 1 mod_ssl 2.2.34-1.15.amzn1
Amazon Linux 1 httpd 2.2.34-1.15.amzn1
Amazon Linux 1 httpd-debuginfo 2.2.34-1.15.amzn1
Amazon Linux 1 mod24_proxy_html 2.4.27-3.73.amzn1
Amazon Linux 1 mod24_session 2.4.27-3.73.amzn1
Amazon Linux 1 httpd24-devel 2.4.27-3.73.amzn1
Amazon Linux 1 httpd24 2.4.27-3.73.amzn1
Amazon Linux 1 httpd24-debuginfo 2.4.27-3.73.amzn1
Amazon Linux 1 httpd24-tools 2.4.27-3.73.amzn1
Amazon Linux 1 mod24_ssl 2.4.27-3.73.amzn1
Amazon Linux 1 mod24_ldap 2.4.27-3.73.amzn1
Amazon Linux 1 httpd-manual 2.2.34-1.15.amzn1
Amazon Linux 1 httpd24-manual 2.4.27-3.73.amzn1
Amazon Linux 1 httpd 2.2.34-1.15.amzn1
Amazon Linux 1 httpd24 2.4.27-3.73.amzn1
Amazon Linux 1 httpd-tools 2.2.34-1.15.amzn1
Amazon Linux 1 httpd-devel 2.2.34-1.15.amzn1
Amazon Linux 1 httpd 2.2.34-1.15.amzn1
Amazon Linux 1 mod_ssl 2.2.34-1.15.amzn1
Amazon Linux 1 httpd-debuginfo 2.2.34-1.15.amzn1
Amazon Linux 1 mod24_ldap 2.4.27-3.73.amzn1
Amazon Linux 1 httpd24-debuginfo 2.4.27-3.73.amzn1
Amazon Linux 1 httpd24-tools 2.4.27-3.73.amzn1
Amazon Linux 1 mod24_proxy_html 2.4.27-3.73.amzn1
Amazon Linux 1 httpd24-devel 2.4.27-3.73.amzn1
Amazon Linux 1 httpd24 2.4.27-3.73.amzn1
Amazon Linux 1 mod24_ssl 2.4.27-3.73.amzn1
Amazon Linux 1 mod24_session 2.4.27-3.73.amzn1

Related