Pardus: Apache: Multiple Vulnerabilities
Posted by Benjamin D. Thomas
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-101 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-07-11
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Some vulnerabilities have been reported in Apache, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Description
===========
1) A vulnerability has been reported in the Apache mod_proxy module,
which can be exploited by malicious people to potentially cause a DoS
(Denial of Service).
An error exists in the mod_proxy module when functioning in reverse
proxy mode. This can be exploited to consume large amounts of CPU in an
affected proxy process via specially crafted proxy requests.
2) A potential Denial-of-Service attack against mod_deflate or other
modules has been fixed, in which the server could be forced to consume
CPU time compressing a large file after a client disconnects.
Affected packages:
Pardus 2008:
apache, all before 2.2.11-31-9
Resolution
==========
There are update(s) for apache. You can update them via Package Manager
or with a single command from console:
pisi up apache
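To confirm whether a host still needs the update, the following added example (not part of the Pardus advisory) compares an installed apache version string against the fixed release 2.2.11-31-9. It assumes the version string consists of integer fields separated by "." and "-" that can be compared left to right; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory: is an installed apache package
# older than the fixed release named in PLSA 2009-101?
FIXED="2.2.11-31-9"   # from the advisory: "apache, all before 2.2.11-31-9"

# Accept only digits, dots and dashes (assumed version string format).
is_valid() {
    case "$1" in
        ""|*[!0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Compare two version strings field by field as integers, so that
# 2.2.9 sorts before 2.2.11. Prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# Exit status: 0 = older than FIXED (update needed), 1 = fixed or newer,
# 2 = version string not in the assumed format.
needs_update() {
    is_valid "$1" || return 2
    [ "$(vercmp "$1" "$FIXED")" = "-1" ]
}

# Stand-alone use: pass the installed version string as the first argument.
if [ "$#" -gt 0 ]; then
    rc=0; needs_update "$1" || rc=$?
    case "$rc" in
        0) echo "apache $1 is older than $FIXED: run 'pisi up apache'" ;;
        1) echo "apache $1 is at or beyond $FIXED" ;;
        *) echo "cannot parse version string: $1" >&2 ;;
    esac
fi
```

Pass the version string that the package manager reports for the installed apache package as the script's argument.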
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=10300
* http://svn.apache.org/viewvc?view=rev&revision=790587
* http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891