Suse: OPENSUSE-SU-2012:0314-1
History: Feb 28, 2012 - 6:08 p.m.

apache2: fixed various security bugs (important)

2012-02-28 18:08:26
lists.opensuse.org
EPSS: 0.717 (High), percentile 98.1%

This update of apache2 fixes regressions and several
security problems:

bnc#728876, fix graceful reload

bnc#741243, CVE-2012-0031: Fixed an issue where corruption
of the scoreboard (shared memory segment) by a child process
causes the privileged parent to crash (invalid free())
during shutdown.

bnc#743743, CVE-2012-0053: Fixed an issue in error
responses that could expose "httpOnly" cookies when no
custom ErrorDocument is specified for status code 400.

bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module was
backported from Apache 2.2.21 to help mitigate the
"Slowloris" Denial of Service attack.

You need to enable the "mod_reqtimeout" module in your
existing Apache configuration to make it effective, e.g. in
the APACHE_MODULES line in /etc/sysconfig/apache2.
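
One way to audit and apply the APACHE_MODULES change described above, as an added example that is not part of the original advisory. The function names are hypothetical, and the code assumes the APACHE_MODULES value is double-quoted on a single line; the file path is passed as an argument so the functions can be tried on a copy first.

```shell
#!/bin/sh
# Added example (not from the advisory): check for and enable a module
# in a SUSE-style sysconfig file such as /etc/sysconfig/apache2.
# Assumption: the list is written as APACHE_MODULES="mod1 mod2 ..." on one line.

# Print the module list from the last uncommented APACHE_MODULES= line in $1.
apache_modules() {
    sed -n 's/^[[:space:]]*APACHE_MODULES="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Return 0 if module $2 appears as a whole word in the list, 1 otherwise.
# A whole-word comparison avoids false positives on similarly named modules.
has_module() {
    for m in $(apache_modules "$1"); do
        [ "$m" = "$2" ] && return 0
    done
    return 1
}

# Append module $2 to the list in $1 unless already present (idempotent).
# Returns 2 on an invalid module name, 1 if the edit did not take effect.
enable_module() {
    # Restrict names to safe characters before using them in a sed script.
    case "$2" in
        ''|*[!a-z0-9_]*) return 2 ;;
    esac
    has_module "$1" "$2" && return 0
    tmp=$(mktemp) || return 1
    # Insert the module before the closing quote; commented lines are untouched.
    sed "s/^\([[:space:]]*APACHE_MODULES=\"[^\"]*\)\"/\1 $2\"/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"   # rewrite in place, keeping owner and permissions
    rc=$?
    rm -f "$tmp"
    # Confirm the edit by re-reading the file rather than trusting sed.
    [ "$rc" -eq 0 ] && has_module "$1" "$2"
}
```

For example, `enable_module /etc/sysconfig/apache2 reqtimeout` run as root, followed by a restart of Apache so the module is loaded.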