Red Hat, RHSA-2008:0966
Dec 04, 2008 - 12:00 a.m.

(RHSA-2008:0966) Moderate: Red Hat Application Stack v2.2 security and enhancement update

2008-12-04 00:00:00
access.redhat.com

CVSS2: 5 Medium

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.055 Low (percentile 92.4%)

The Red Hat Application Stack v2.2 is an integrated open source application
stack that includes Red Hat Enterprise Linux 5 and JBoss Enterprise
Application Platform (EAP) 4.2.

This erratum updates the Apache HTTP Server package to version 2.2.10 which
addresses the following security issues:

A flaw was found in the mod_proxy module. An attacker who has control of
a web server to which requests are being proxied could cause a limited
denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364)

A flaw was found in the mod_proxy_ftp module. Where Apache is configured
to support ftp-over-httpd proxying, a remote attacker could perform a
cross-site scripting attack. (CVE-2008-2939)

A cross-site request forgery issue was found in the mod_proxy_balancer
module. A remote attacker could cause a denial of service if
mod_proxy_balancer is enabled and an authenticated user is targeted.
(CVE-2007-6420)

The JBoss Enterprise Application Platform (EAP) 4.2 has been updated to
version 4.2.0.CP05.

The following packages were also updated:

  • mysql to 5.0.60sp1
  • mysql-connector-odbc to 3.51.26r1127
  • perl-DBI to 1.607
  • perl-DBD-MySQL to 4.008
  • perl-DBD-Pg to 1.49
  • php-pear to 1.7.2
  • postgresql to 8.2.11
  • postgresqlclient81 to 8.1.11
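
An added example, not part of the Red Hat advisory: a shell check that reports which of the three httpd CVEs listed above are relevant to a host, based on the proxy modules its configuration loads and the httpd version. The function names, the version argument and the sample configuration are constructed for illustration; it assumes the upstream version string reflects fix status, as it does for this erratum's 2.2.10 package.

```shell
#!/bin/sh
# Added example (not from the advisory): map loaded proxy modules to the
# httpd CVEs fixed by RHSA-2008:0966. Names and sample data are constructed.

# exposed_cves VERSION: read httpd configuration on stdin and print
# "CVE module" for each advisory CVE whose module has an active LoadModule
# line, but only when VERSION is older than the fixed release 2.2.10.
# Assumption: VERSION is the upstream version as reported by httpd -v.
exposed_cves() {
    awk -v ver="$1" '
        function older(v,    a, b, i) {      # true when v < 2.2.10
            split(v, a, "."); split("2.2.10", b, ".")
            for (i = 1; i <= 3; i++) {
                if (a[i] + 0 < b[i] + 0) return 1
                if (a[i] + 0 > b[i] + 0) return 0
            }
            return 0
        }
        BEGIN {
            if (!older(ver)) exit            # already at or past the fix
            cve["mod_proxy.so"]          = "CVE-2008-2364"
            cve["mod_proxy_ftp.so"]      = "CVE-2008-2939"
            cve["mod_proxy_balancer.so"] = "CVE-2007-6420"
        }
        $1 ~ /^#/ { next }                   # commented-out directive
        tolower($1) == "loadmodule" && NF >= 3 {
            n = split($3, path, "/")         # keep only the file name
            if (path[n] in cve) print cve[path[n]], path[n]
        }
    ' | sort
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
cat <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  loadmodule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule rewrite_module modules/mod_rewrite.so
EOF
}

sample_conf | exposed_cves 2.2.3
```

A loaded module only marks the host for review: CVE-2008-2939, for instance, also requires that FTP proxying is actually configured.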
