- ---------------------------------------------------------------------Red Hat Security Advisory

Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2006:0159-01
Advisory URL: https://access.redhat.com/errata/RHSA-2006:0159.html
Issue date: 2006-01-05
Updated on: 2006-01-05
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2970 CVE-2005-3352 CVE-2005-3357
- ---------------------------------------------------------------------1. Summary:

Updated Apache httpd packages that correct three security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular and freely-available Web server.

A memory leak in the worker MPM could allow remote attackers to cause a
denial of service (memory consumption) via aborted connections, which
prevents the memory for the transaction pool from being reused for other
connections. The Common Vulnerabilities and Exposures project assigned the
name CVE-2005-2970 to this issue. This vulnerability only affects users
who are using the non-default worker MPM.

A flaw in mod_imap when using the Referer directive with image maps was
discovered. With certain site configurations, a remote attacker could
perform a cross-site scripting attack if a victim can be forced to visit a
malicious URL using certain web browsers. (CVE-2005-3352)

A NULL pointer dereference flaw in mod_ssl was discovered affecting server
configurations where an SSL virtual host is configured with access control
and a custom 400 error document. A remote attacker could send a carefully
crafted request to trigger this issue which would lead to a crash. This
crash would only be a denial of service if using the non-default worker
MPM. (CVE-2005-3357)

Users of httpd should update to these erratum packages which contain
backported patches to correct these issues along with some additional bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170383 - mod_ssl per-directory renegotiation with request body
171756 - CVE-2005-2970 httpd worker MPM memory consumption DoS
175602 - CVE-2005-3352 cross-site scripting flaw in mod_imap
175720 - CVE-2005-3357 mod_ssl crash


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
5fb40d08b35daf0b9dca84bae2d807ad httpd-2.0.46-56.ent.src.rpm

i386:
58472c7851877c10d75fc11acc987690 httpd-2.0.46-56.ent.i386.rpm
7c5a357dc808d626e84f0b811d875087 httpd-devel-2.0.46-56.ent.i386.rpm
fd69217826949e34854440914919115d mod_ssl-2.0.46-56.ent.i386.rpm

ia64:
9ba4fcecc7a987e0095cab3f3097573e httpd-2.0.46-56.ent.ia64.rpm
eaaa9f395d525f97d864fa8fb7abf0b3 httpd-devel-2.0.46-56.ent.ia64.rpm
5c1958e1b3abe828ccc70ef6aed3bb64 mod_ssl-2.0.46-56.ent.ia64.rpm

ppc:
463c75e6ea66006c222c769c133bc4a0 httpd-2.0.46-56.ent.ppc.rpm
fbfa43b0915f7593b0b53b060ccaa5f8 httpd-devel-2.0.46-56.ent.ppc.rpm
a9c64df8a73025eca98e931dd074b69a mod_ssl-2.0.46-56.ent.ppc.rpm

s390:
fe25eb28019d8d9a3a75b87eb60dbfe9 httpd-2.0.46-56.ent.s390.rpm
21a7aab2c525ea1f61528823f440c1ab httpd-devel-2.0.46-56.ent.s390.rpm
4bec0fb1ba74b43121cba95fcbc54430 mod_ssl-2.0.46-56.ent.s390.rpm

s390x:
1f0093a5d44fa75ad8d5dff12f6a8f81 httpd-2.0.46-56.ent.s390x.rpm
e005b654914be004d22d456c3f7cd9f1 httpd-devel-2.0.46-56.ent.s390x.rpm
ed206f46043e55028a3a1ec63f516042 mod_ssl-2.0.46-56.ent.s390x.rpm

x86_64:
19e480d4aaf0e54cd1e8beb741081e1c httpd-2.0.46-56.ent.x86_64.rpm
204c07d7e05a9d4b3292a5072d9c6f2a httpd-devel-2.0.46-56.ent.x86_64.rpm
770cc4db896225d99e1df93a589a02b4 mod_ssl-2.0.46-56.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
5fb40d08b35daf0b9dca84bae2d807ad httpd-2.0.46-56.ent.src.rpm

i386:
58472c7851877c10d75fc11acc987690 httpd-2.0.46-56.ent.i386.rpm
7c5a357dc808d626e84f0b811d875087 httpd-devel-2.0.46-56.ent.i386.rpm
fd69217826949e34854440914919115d mod_ssl-2.0.46-56.ent.i386.rpm

x86_64:
19e480d4aaf0e54cd1e8beb741081e1c httpd-2.0.46-56.ent.x86_64.rpm
204c07d7e05a9d4b3292a5072d9c6f2a httpd-devel-2.0.46-56.ent.x86_64.rpm
770cc4db896225d99e1df93a589a02b4 mod_ssl-2.0.46-56.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
5fb40d08b35daf0b9dca84bae2d807ad httpd-2.0.46-56.ent.src.rpm

i386:
58472c7851877c10d75fc11acc987690 httpd-2.0.46-56.ent.i386.rpm
7c5a357dc808d626e84f0b811d875087 httpd-devel-2.0.46-56.ent.i386.rpm
fd69217826949e34854440914919115d mod_ssl-2.0.46-56.ent.i386.rpm

ia64:
9ba4fcecc7a987e0095cab3f3097573e httpd-2.0.46-56.ent.ia64.rpm
eaaa9f395d525f97d864fa8fb7abf0b3 httpd-devel-2.0.46-56.ent.ia64.rpm
5c1958e1b3abe828ccc70ef6aed3bb64 mod_ssl-2.0.46-56.ent.ia64.rpm

x86_64:
19e480d4aaf0e54cd1e8beb741081e1c httpd-2.0.46-56.ent.x86_64.rpm
204c07d7e05a9d4b3292a5072d9c6f2a httpd-devel-2.0.46-56.ent.x86_64.rpm
770cc4db896225d99e1df93a589a02b4 mod_ssl-2.0.46-56.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
5fb40d08b35daf0b9dca84bae2d807ad httpd-2.0.46-56.ent.src.rpm

i386:
58472c7851877c10d75fc11acc987690 httpd-2.0.46-56.ent.i386.rpm
7c5a357dc808d626e84f0b811d875087 httpd-devel-2.0.46-56.ent.i386.rpm
fd69217826949e34854440914919115d mod_ssl-2.0.46-56.ent.i386.rpm

ia64:
9ba4fcecc7a987e0095cab3f3097573e httpd-2.0.46-56.ent.ia64.rpm
eaaa9f395d525f97d864fa8fb7abf0b3 httpd-devel-2.0.46-56.ent.ia64.rpm
5c1958e1b3abe828ccc70ef6aed3bb64 mod_ssl-2.0.46-56.ent.ia64.rpm

x86_64:
19e480d4aaf0e54cd1e8beb741081e1c httpd-2.0.46-56.ent.x86_64.rpm
204c07d7e05a9d4b3292a5072d9c6f2a httpd-devel-2.0.46-56.ent.x86_64.rpm
770cc4db896225d99e1df93a589a02b4 mod_ssl-2.0.46-56.ent.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
1758c0d1f6326b2f8d77885a351872a1 httpd-2.0.52-22.ent.src.rpm

i386:
64b2b544496645ed16ce4e7415b358b0 httpd-2.0.52-22.ent.i386.rpm
7191377bec8fdd54c327830b05f74e7e httpd-devel-2.0.52-22.ent.i386.rpm
5b69c82ad64cee1b4c46e9f814e88286 httpd-manual-2.0.52-22.ent.i386.rpm
4cde89fc87b21feff51d54098fe4ed83 httpd-suexec-2.0.52-22.ent.i386.rpm
97f4a87d758c4b84def3abf53e6293cc mod_ssl-2.0.52-22.ent.i386.rpm

ia64:
c7522babbf9b3a24f8c3bfaff8e2e10f httpd-2.0.52-22.ent.ia64.rpm
10a317c00ae0e59b4f3071870f6d939a httpd-devel-2.0.52-22.ent.ia64.rpm
adaf0ba8b49ee0ceb3469e1b5f67c339 httpd-manual-2.0.52-22.ent.ia64.rpm
38dec291e729a7e69bdc9ba25cfca5be httpd-suexec-2.0.52-22.ent.ia64.rpm
fa92eddcfe59311085ed2c0c7675380b mod_ssl-2.0.52-22.ent.ia64.rpm

ppc:
1fef1c2e4c3e8796c8d29f1a8b4288f2 httpd-2.0.52-22.ent.ppc.rpm
756f217a147ae442b5b60612c42a6e80 httpd-devel-2.0.52-22.ent.ppc.rpm
d8f0dd7e832cad4efa48333ed1d649af httpd-manual-2.0.52-22.ent.ppc.rpm
3a466a4bceadf2fcc1994206481062a6 httpd-suexec-2.0.52-22.ent.ppc.rpm
a293bf05ecae2c4b192d5ec3dfcbb98d mod_ssl-2.0.52-22.ent.ppc.rpm

s390:
c9aee197a528745c6c8590f7605b1643 httpd-2.0.52-22.ent.s390.rpm
9f8f303a60b8b52a5a1c4be911df9212 httpd-devel-2.0.52-22.ent.s390.rpm
f3107dc3d74f773f21854fc94e2eca2d httpd-manual-2.0.52-22.ent.s390.rpm
4f3d8737a2656298e7b2b867b0f35d2a httpd-suexec-2.0.52-22.ent.s390.rpm
e78eb4e3946b778fcd3a8fd650c1cc02 mod_ssl-2.0.52-22.ent.s390.rpm

s390x:
c175a4c5c89597afd57932e6e08f5755 httpd-2.0.52-22.ent.s390x.rpm
f894f7f71f4ab719d09812bb794f37df httpd-devel-2.0.52-22.ent.s390x.rpm
da94d5e68605db9f5c4c801e853e60ad httpd-manual-2.0.52-22.ent.s390x.rpm
350bbc702110c42e1cf95787168d63b1 httpd-suexec-2.0.52-22.ent.s390x.rpm
321b95391c4d73b76fb632db96fec976 mod_ssl-2.0.52-22.ent.s390x.rpm

x86_64:
e0c7651c64d7ba3c4c1e6e5b0296295c httpd-2.0.52-22.ent.x86_64.rpm
95f9a419ba8d943c5a99fc750fc82176 httpd-devel-2.0.52-22.ent.x86_64.rpm
f72c3a86cae6f4a2716e27d1e315797c httpd-manual-2.0.52-22.ent.x86_64.rpm
dbbd0863f64a60bba95c0bd2164e4d17 httpd-suexec-2.0.52-22.ent.x86_64.rpm
8ee3ac6dff631ffc1d2b645582b35cfb mod_ssl-2.0.52-22.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
1758c0d1f6326b2f8d77885a351872a1 httpd-2.0.52-22.ent.src.rpm

i386:
64b2b544496645ed16ce4e7415b358b0 httpd-2.0.52-22.ent.i386.rpm
7191377bec8fdd54c327830b05f74e7e httpd-devel-2.0.52-22.ent.i386.rpm
5b69c82ad64cee1b4c46e9f814e88286 httpd-manual-2.0.52-22.ent.i386.rpm
4cde89fc87b21feff51d54098fe4ed83 httpd-suexec-2.0.52-22.ent.i386.rpm
97f4a87d758c4b84def3abf53e6293cc mod_ssl-2.0.52-22.ent.i386.rpm

x86_64:
e0c7651c64d7ba3c4c1e6e5b0296295c httpd-2.0.52-22.ent.x86_64.rpm
95f9a419ba8d943c5a99fc750fc82176 httpd-devel-2.0.52-22.ent.x86_64.rpm
f72c3a86cae6f4a2716e27d1e315797c httpd-manual-2.0.52-22.ent.x86_64.rpm
dbbd0863f64a60bba95c0bd2164e4d17 httpd-suexec-2.0.52-22.ent.x86_64.rpm
8ee3ac6dff631ffc1d2b645582b35cfb mod_ssl-2.0.52-22.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
1758c0d1f6326b2f8d77885a351872a1 httpd-2.0.52-22.ent.src.rpm

i386:
64b2b544496645ed16ce4e7415b358b0 httpd-2.0.52-22.ent.i386.rpm
7191377bec8fdd54c327830b05f74e7e httpd-devel-2.0.52-22.ent.i386.rpm
5b69c82ad64cee1b4c46e9f814e88286 httpd-manual-2.0.52-22.ent.i386.rpm
4cde89fc87b21feff51d54098fe4ed83 httpd-suexec-2.0.52-22.ent.i386.rpm
97f4a87d758c4b84def3abf53e6293cc mod_ssl-2.0.52-22.ent.i386.rpm

ia64:
c7522babbf9b3a24f8c3bfaff8e2e10f httpd-2.0.52-22.ent.ia64.rpm
10a317c00ae0e59b4f3071870f6d939a httpd-devel-2.0.52-22.ent.ia64.rpm
adaf0ba8b49ee0ceb3469e1b5f67c339 httpd-manual-2.0.52-22.ent.ia64.rpm
38dec291e729a7e69bdc9ba25cfca5be httpd-suexec-2.0.52-22.ent.ia64.rpm
fa92eddcfe59311085ed2c0c7675380b mod_ssl-2.0.52-22.ent.ia64.rpm

x86_64:
e0c7651c64d7ba3c4c1e6e5b0296295c httpd-2.0.52-22.ent.x86_64.rpm
95f9a419ba8d943c5a99fc750fc82176 httpd-devel-2.0.52-22.ent.x86_64.rpm
f72c3a86cae6f4a2716e27d1e315797c httpd-manual-2.0.52-22.ent.x86_64.rpm
dbbd0863f64a60bba95c0bd2164e4d17 httpd-suexec-2.0.52-22.ent.x86_64.rpm
8ee3ac6dff631ffc1d2b645582b35cfb mod_ssl-2.0.52-22.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
1758c0d1f6326b2f8d77885a351872a1 httpd-2.0.52-22.ent.src.rpm

i386:
64b2b544496645ed16ce4e7415b358b0 httpd-2.0.52-22.ent.i386.rpm
7191377bec8fdd54c327830b05f74e7e httpd-devel-2.0.52-22.ent.i386.rpm
5b69c82ad64cee1b4c46e9f814e88286 httpd-manual-2.0.52-22.ent.i386.rpm
4cde89fc87b21feff51d54098fe4ed83 httpd-suexec-2.0.52-22.ent.i386.rpm
97f4a87d758c4b84def3abf53e6293cc mod_ssl-2.0.52-22.ent.i386.rpm

ia64:
c7522babbf9b3a24f8c3bfaff8e2e10f httpd-2.0.52-22.ent.ia64.rpm
10a317c00ae0e59b4f3071870f6d939a httpd-devel-2.0.52-22.ent.ia64.rpm
adaf0ba8b49ee0ceb3469e1b5f67c339 httpd-manual-2.0.52-22.ent.ia64.rpm
38dec291e729a7e69bdc9ba25cfca5be httpd-suexec-2.0.52-22.ent.ia64.rpm
fa92eddcfe59311085ed2c0c7675380b mod_ssl-2.0.52-22.ent.ia64.rpm

x86_64:
e0c7651c64d7ba3c4c1e6e5b0296295c httpd-2.0.52-22.ent.x86_64.rpm
95f9a419ba8d943c5a99fc750fc82176 httpd-devel-2.0.52-22.ent.x86_64.rpm
f72c3a86cae6f4a2716e27d1e315797c httpd-manual-2.0.52-22.ent.x86_64.rpm
dbbd0863f64a60bba95c0bd2164e4d17 httpd-suexec-2.0.52-22.ent.x86_64.rpm
8ee3ac6dff631ffc1d2b645582b35cfb mod_ssl-2.0.52-22.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.