This update of apache fixes regressions and several
security problems:
bnc#741243, CVE-2012-0031: Fixed a scoreboard
corruption (shared mem segment) by child causes crash of
privileged parent (invalid free()) during shutdown.
bnc#743743,CVE-2012-0053: Fixed an issue in error
responses that could expose "httpOnly" cookies when no
custom ErrorDocument is specified for status code 400".
bnc#736706, the SSL configuration template suggested
weak ciphers
bnc#738855,CVE-2007-6750: The "mod_reqtimeout" module
was backported from Apache 2.2.21 to help mitigate the
"Slowloris" Denial of Service attack.
You need to enable the "mod_reqtimeout" module in
your existing apache configuration to make it effective,
e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
SLE SDK | 10.4 | ia64 | apache2-worker | < 2.2.3-16.44.1 | apache2-worker-2.2.3-16.44.1.ia64.rpm |
SLE SDK | 10.4 | s390x | apache2-devel | < 2.2.3-16.44.1 | apache2-devel-2.2.3-16.44.1.s390x.rpm |
SLE SDK | 10.4 | s390x | apache2-worker | < 2.2.3-16.44.1 | apache2-worker-2.2.3-16.44.1.s390x.rpm |
SLE SDK | 10.4 | ppc | apache2-devel | < 2.2.3-16.44.1 | apache2-devel-2.2.3-16.44.1.ppc.rpm |
SUSE Linux Enterprise Server | 10.4 | s390x | apache2-prefork | < 2.2.3-16.44.1 | apache2-prefork-2.2.3-16.44.1.s390x.rpm |
SLE SDK | 10.4 | i586 | apache2-prefork | < 2.2.3-16.44.1 | apache2-prefork-2.2.3-16.44.1.i586.rpm |
SLE SDK | 10.4 | i586 | apache2-example-pages | < 2.2.3-16.44.1 | apache2-example-pages-2.2.3-16.44.1.i586.rpm |
SUSE Linux Enterprise Server | 10.4 | ppc | apache2-prefork | < 2.2.3-16.44.1 | apache2-prefork-2.2.3-16.44.1.ppc.rpm |
SUSE Linux Enterprise Server | 10.4 | ppc | apache2 | < 2.2.3-16.44.1 | apache2-2.2.3-16.44.1.ppc.rpm |
SUSE Linux Enterprise Server | 10.4 | x86_64 | apache2-prefork | < 2.2.3-16.44.1 | apache2-prefork-2.2.3-16.44.1.x86_64.rpm |