979 matches found

Slackware Linux
added 2010/12/24 3:35 a.m. | 56 views

[slackware-security] php

New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/php-5.2.16-i486-1_slack13.1.txz: Upgraded. This fixes many bugs, including some security issues. For more...

CVSS 5 | AI score 6.3 | EPSS 0.16659
Exploits 6

Kaspersky
added 2010/10/19 12:0 a.m. | 192 views

KLA10066 Multiple vulnerabilities in Apache httpd

Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, inject code or execute arbitrary code. Below is a complete list of vulnerabilities: 1. Multiple integer overflow...

CVSS 10 | AI score 8.8 | EPSS 0.86822
Exploits 30 | References 3

OSV
added 2010/10/04 12:0 a.m. | 17 views

DSA-2117-1 apr-util - denial of service

Bulletin has no description...

CVSS 5 | AI score 6.3 | EPSS 0.28285
Exploits 0

RedHat Linux
added 2010/08/04 9:30 p.m. | 4 views

httpd scoreboard lack of PID protection

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...

CVSS 4.7 | AI score 7.3 | EPSS 0.00098
Exploits 2 | References 4

RedHat Linux
added 2010/08/04 9:30 p.m. | 4 views

httpd mod_cache segfault

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...

CVSS 5 | AI score 7.3 | EPSS 0.27987
Exploits 0 | References 4

RedHat Linux
added 2010/08/04 9:30 p.m. | 2 views

httpd: NULL pointer deref in mod_proxy_ftp caused by crafted EPSV and PASV reply

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command...

CVSS 2.6 | AI score 7.2 | EPSS 0.02833
Exploits 2 | References 4

Apache Httpd
added 2010/07/23 12:0 a.m. | 29 views

Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in mod_proxy_http in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no...

CVSS 5 | AI score 1.1 | EPSS 0.02076
Exploits 2 | Affected Software 1

Tenable Nessus
added 2010/07/01 12:0 a.m. | 55 views

Fedora 11 : httpd-2.2.14-1.fc11 (2009-12747)

This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could u...

CVSS 9.8 | AI score 7.4 | EPSS 0.03845
Exploits 16 | References 6

Apache Httpd
added 2010/06/09 12:0 a.m. | 34 views

Apache Httpd < 2.2.16 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in mod_proxy_http in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those...

CVSS 5 | AI score 0.9 | EPSS 0.08537
Exploits 2 | Affected Software 1

Apache Httpd
added 2010/05/04 12:0 a.m. | 35 views

Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS

A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...

CVSS 5 | AI score 2.3 | EPSS 0.13868
Exploits 2 | Affected Software 1

Apache Httpd
added 2010/05/04 12:0 a.m. | 45 views

Apache Httpd < 2.2.16 : mod_cache and mod_dav DoS

A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...

CVSS 5 | AI score 2.3 | EPSS 0.13868
Exploits 2 | Affected Software 1

Debian
added 2010/04/17 8:58 p.m. | 48 views

[SECURITY] [DSA-2035-1] New apache2 packages fix several issues

Debian Security Advisory DSA-2035-1 [email protected] http://www.debian.org/security/ Stefan Fritsch April 17, 2010 http://www.debian.org/security/faq ...

CVSS 5 | AI score 9.4 | EPSS 0.32487
Exploits 2

OSV
added 2010/04/17 12:0 a.m. | 31 views

DSA-2035-1 apache2 - several issues

Bulletin has no description...

CVSS 5 | AI score 8.6 | EPSS 0.32487
Exploits 2

securityvulns
added 2010/03/09 12:0 a.m. | 70 views

Apache HTTPD information leak

Under some conditions it's possible to access memory with data related to previous requests...

CVSS 4.3 | AI score 1.8 | EPSS 0.0539
Exploits 2 | References 1 | Affected Software 1

Apache Httpd
added 2010/03/03 12:0 a.m. | 45 views

Apache Httpd < 2.2.17 : apr_brigade_split_line DoS

A flaw was found in the apr_brigade_split_line function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...

CVSS 5 | AI score 2.2 | EPSS 0.28285
Exploits 0 | Affected Software 1

Apache Httpd
added 2010/03/03 12:0 a.m. | 42 views

Apache Httpd < 2.0.64 : apr_brigade_split_line DoS

A flaw was found in the apr_brigade_split_line function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...

CVSS 5 | AI score 2.2 | EPSS 0.28285
Exploits 0 | Affected Software 1

Check Point Advisories
added 2010/02/25 12:0 a.m. | 12 views

Apache HTTPD Ranges Header Field Denial of Service - ver 2 (CVE-2011-3192)

A denial of service vulnerability has been reported in Apache httpd server. A remote attacker may exploit this vulnerability to cause a DoS condition in an affected server. The vulnerability is due to an error in Apache's http server while handling requests with malformed Range header values. A...

CVSS 7.8 | AI score 7.9 | EPSS 0.90456
Exploits 17

Apache Httpd
added 2010/02/09 12:0 a.m. | 40 views

Apache Httpd < 2.0.64 : mod_isapi module unload flaw

A flaw was found within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigg...

CVSS 10 | AI score 2.8 | EPSS 0.86822
Exploits 13 | Affected Software 1

Apache Httpd
added 2010/02/09 12:0 a.m. | 90 views

Apache Httpd < 2.2.15 : mod_isapi module unload flaw

A flaw was found within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigg...

CVSS 10 | AI score 2.8 | EPSS 0.86822
Exploits 13 | Affected Software 1

Debian
added 2010/01/13 6:47 p.m. | 35 views

[SECURITY] [DSA-1970-1] New openssl packages fix denial of service

Debian Security Advisory DSA-1970-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 13, 2010 http://www.debian.org/security/faq ...

CVSS 5 | AI score 8.6 | EPSS 0.20241
Exploits 1