potential code execution in apache2,libapr1

2009-10-2613:21:56

lists.opensuse.org

0.08 Low

EPSS

Percentile

93.6%

JSON

The Apache web server was updated to fix various security issues: - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195) - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890) - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891) - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094) - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server11i586libapr-util1< 1.3.4-12.20.2libapr-util1-1.3.4-12.20.2.i586.rpm
SUSE Linux Enterprise Server10.2s390xapache2-prefork< 2.2.3-16.25.4apache2-prefork-2.2.3-16.25.4.s390x.rpm
SUSE Linux Enterprise Software Development Kit11x86_64apache2-devel< 2.2.10-2.21.1apache2-devel-2.2.10-2.21.1.x86_64.rpm
SUSE Linux Enterprise Server10.3ia64libapr-util1< 1.2.2-13.9.1libapr-util1-1.2.2-13.9.1.ia64.rpm
openSUSE11.0x86_64libapr-util1-devel< 1.2.12-43.4libapr-util1-devel-1.2.12-43.4.x86_64.rpm
openSUSE11.1i586libapr1< 1.3.3-12.2.1libapr1-1.3.3-12.2.1.i586.rpm
SUSE Linux Enterprise Server10.3i586apache2-prefork< 2.2.3-16.28.1apache2-prefork-2.2.3-16.28.1.i586.rpm
openSUSE11.1x86_64apache2-utils< 2.2.10-2.8.1apache2-utils-2.2.10-2.8.1.x86_64.rpm
SUSE SUSE Linux Enterprise Software Development Kit10.2s390xapache2-prefork< 2.2.3-16.25.4apache2-prefork-2.2.3-16.25.4.s390x.rpm
openSUSE11.1ppclibapr-util1-devel< 1.3.4-13.3.2libapr-util1-devel-1.3.4-13.3.2.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server	11	i586	libapr-util1	< 1.3.4-12.20.2	libapr-util1-1.3.4-12.20.2.i586.rpm
SUSE Linux Enterprise Server	10.2	s390x	apache2-prefork	< 2.2.3-16.25.4	apache2-prefork-2.2.3-16.25.4.s390x.rpm
SUSE Linux Enterprise Software Development Kit	11	x86_64	apache2-devel	< 2.2.10-2.21.1	apache2-devel-2.2.10-2.21.1.x86_64.rpm
SUSE Linux Enterprise Server	10.3	ia64	libapr-util1	< 1.2.2-13.9.1	libapr-util1-1.2.2-13.9.1.ia64.rpm
openSUSE	11.0	x86_64	libapr-util1-devel	< 1.2.12-43.4	libapr-util1-devel-1.2.12-43.4.x86_64.rpm
openSUSE	11.1	i586	libapr1	< 1.3.3-12.2.1	libapr1-1.3.3-12.2.1.i586.rpm
SUSE Linux Enterprise Server	10.3	i586	apache2-prefork	< 2.2.3-16.28.1	apache2-prefork-2.2.3-16.28.1.i586.rpm
openSUSE	11.1	x86_64	apache2-utils	< 2.2.10-2.8.1	apache2-utils-2.2.10-2.8.1.x86_64.rpm
SUSE SUSE Linux Enterprise Software Development Kit	10.2	s390x	apache2-prefork	< 2.2.3-16.25.4	apache2-prefork-2.2.3-16.25.4.s390x.rpm
openSUSE	11.1	ppc	libapr-util1-devel	< 1.3.4-13.3.2	libapr-util1-devel-1.3.4-13.3.2.ppc.rpm

Rows per page:

1-10 of 4771

potential code execution in apache2,libapr1

Solution

Related