Arch Linux Security Advisory ASA-201707-15

Severity: Critical
Date : 2017-07-14
CVE-ID : CVE-2017-9788 CVE-2017-9789
Package : apache
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-350

Summary

The package apache before version 2.4.27-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Resolution

Upgrade to 2.4.27-1.

pacman -Syu “apache>=2.4.27-1”

The problems have been fixed upstream in version 2.4.27.

Workaround

None.

Description

• CVE-2017-9788 (information disclosure)

A security issue has been found in apache’s mod_auth_digest <= 2.4.26,
leading to information disclosure or denial of service. The value
placeholder in [Proxy-]Authorization headers of type ‘Digest’ was not
initialized or reset before or between successive key=value assignments
by mod_auth_digest. Providing an initial key with no ‘=’ assignment
could reflect the stale value of uninitialized pool memory used by the
prior request, leading to leakage of potentially confidential
information, and a segfault.

• CVE-2017-9789 (arbitrary code execution)

A security issue has been found in apache’s mod_http2 <= 2.4.26. When
under stress, closing many connections, the HTTP/2 handling code would
sometimes access memory after it has been freed, resulting in
potentially erratic behaviour.

Impact

A remote attacker could access sensitive information if mod_auth_digest
is enabled, or be able to execute arbitrary code on the affected host
if mod_http2 is enabled.

References

https://httpd.apache.org/security/vulnerabilities_24.html
https://security.archlinux.org/CVE-2017-9788
https://security.archlinux.org/CVE-2017-9789