-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security update Advisory ID: RHSA-2012:0323-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0323.html Issue date: 2012-02-21 CVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2012-0031 CVE-2012-0053 ===================================================================== 1. Summary: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1392) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. (CVE-2011-3639) The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607) A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm i386: httpd-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm mod_ssl-2.2.3-63.el5_8.1.i386.rpm x86_64: httpd-2.2.3-63.el5_8.1.x86_64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm mod_ssl-2.2.3-63.el5_8.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm i386: httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-manual-2.2.3-63.el5_8.1.i386.rpm x86_64: httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.x86_64.rpm httpd-manual-2.2.3-63.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm i386: httpd-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-manual-2.2.3-63.el5_8.1.i386.rpm mod_ssl-2.2.3-63.el5_8.1.i386.rpm ia64: httpd-2.2.3-63.el5_8.1.ia64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ia64.rpm httpd-devel-2.2.3-63.el5_8.1.ia64.rpm httpd-manual-2.2.3-63.el5_8.1.ia64.rpm mod_ssl-2.2.3-63.el5_8.1.ia64.rpm ppc: httpd-2.2.3-63.el5_8.1.ppc.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ppc.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ppc64.rpm httpd-devel-2.2.3-63.el5_8.1.ppc.rpm httpd-devel-2.2.3-63.el5_8.1.ppc64.rpm httpd-manual-2.2.3-63.el5_8.1.ppc.rpm mod_ssl-2.2.3-63.el5_8.1.ppc.rpm s390x: httpd-2.2.3-63.el5_8.1.s390x.rpm httpd-debuginfo-2.2.3-63.el5_8.1.s390.rpm httpd-debuginfo-2.2.3-63.el5_8.1.s390x.rpm httpd-devel-2.2.3-63.el5_8.1.s390.rpm httpd-devel-2.2.3-63.el5_8.1.s390x.rpm httpd-manual-2.2.3-63.el5_8.1.s390x.rpm mod_ssl-2.2.3-63.el5_8.1.s390x.rpm x86_64: httpd-2.2.3-63.el5_8.1.x86_64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.x86_64.rpm httpd-manual-2.2.3-63.el5_8.1.x86_64.rpm mod_ssl-2.2.3-63.el5_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2011-3639.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1392.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPRBwPXlSAg2UNWIIRAlvJAJ0TMniw4hLPlG+CAhF6cZd3RqTH3QCfVlvK 6HtbvIeYuOnRkg4sqECy22U= =UZwj -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce