SUSE-SU-2012:0323-1
Mar 06, 2012 - 9:08 p.m.

Security update for Apache2 (important)

2012-03-06 21:08:42
lists.opensuse.org
EPSS: 0.717 (High), percentile 98.1%

This update of apache fixes regressions and several
security problems:

bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption
(shared memory segment) by a child process that could crash
the privileged parent (invalid free()) during shutdown.

bnc#743743, CVE-2012-0053: Fixed an issue in error
responses that could expose "httpOnly" cookies when no
custom ErrorDocument is specified for status code 400.

bnc#736706: The SSL configuration template suggested
weak ciphers.

bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module
was backported from Apache 2.2.21 to help mitigate the
"Slowloris" Denial of Service attack.

You need to enable the "mod_reqtimeout" module in
your existing apache configuration to make it effective,
e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2.
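
The following check is an added example, not part of the original advisory: it reports whether a module is listed in the active APACHE_MODULES line, so a patched host where the Slowloris mitigation was never switched on can be spotted. It assumes the assignment sits on a single line and lists short module names such as reqtimeout; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit APACHE_MODULES for a given module.
# Assumption: the assignment is on one line and uses short names
# ("reqtimeout"); a "mod_" prefix is tolerated on either side.

# apache_modules FILE -> prints the module list from the last active
# (uncommented) APACHE_MODULES= line, trailing comment and quotes removed.
apache_modules() {
    sed -n 's/^[[:space:]]*APACHE_MODULES=//p' "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# module_enabled FILE MODULE
#   0 = module listed, 1 = not listed,
#   2 = file unreadable or no active APACHE_MODULES line.
module_enabled() {
    [ -r "$1" ] || return 2
    grep -Eq '^[[:space:]]*APACHE_MODULES=' "$1" || return 2
    for m in $(apache_modules "$1"); do
        # Whole-token comparison, so "req" does not match "reqtimeout".
        [ "${m#mod_}" = "${2#mod_}" ] && return 0
    done
    return 1
}

# Constructed sample input (not taken from a real host): the only line
# that mentions reqtimeout is commented out, so the module is NOT active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#APACHE_MODULES="actions alias reqtimeout ssl"
APACHE_MODULES="actions alias auth_basic dir log_config ssl"
EOF

if module_enabled "$sample" mod_reqtimeout; then
    echo "reqtimeout is enabled"
else
    echo "reqtimeout is NOT enabled: Slowloris mitigation inactive"
fi
rm -f "$sample"
```

On a real system, point the function at the file named above: `module_enabled /etc/sysconfig/apache2 reqtimeout`.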