httpd-2.2.3-43.3.0.1.AXS3

エラータID: AXSA:2010-433:03

Release date: 
Monday, September 6, 2010 - 20:35
Subject: 
httpd-2.2.3-43.3.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The Apache HTTP Server is a powerful, efficient, and extensible web server.
Security issues fixed with this release;
CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
CVE-2010-2791
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Fixed bugs:
- upgraded mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15 to fix numerous issues in the INFLATE filter.
- corrupted response if mod_filter applied the DEFLATE filter to a resource requiring a subrequest with an internal redirect.
- the OID() function in the mod_ssl 'SSLRequire' directive failed to properly evaluate extensions of an unknown type.

Solution: 

Update packages.

CVEs: 
CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
CVE-2010-2791
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.2.3-43.3.0.1.AXS3.src.rpm
    MD5: 006794f7209685dc983cbfb10f58588b
    SHA-256: 1f83e458f147e9ad5a1fd5950567607bf9b74981e71ac513f6bb52772c690210
    Size: 6.22 MB

Asianux Server 3 for x86
  1. httpd-2.2.3-43.3.0.1.AXS3.i386.rpm
    MD5: 0efc1ba937b90f5c3121c5ecbc1b13ca
    SHA-256: 0476985fdf31676c4d047fd2a623042b5277745a3c8af209ce50950b4d27e419
    Size: 1.10 MB
  2. httpd-devel-2.2.3-43.3.0.1.AXS3.i386.rpm
    MD5: 7f0432a1d1c82a230f95ce043c145bb3
    SHA-256: 37968776c16ea79f9d84d696c4687647708a2050abb6d9ed2c921056b6cbedd5
    Size: 150.58 kB
  3. httpd-manual-2.2.3-43.3.0.1.AXS3.i386.rpm
    MD5: 218b6129aae6e1c6e1a841c2f4fa05d8
    SHA-256: f33ba41af5e9cb7c7e27d8fa04667b7a35bbe6ac8a4965cfc0afee4a5539306c
    Size: 823.24 kB
  4. mod_ssl-2.2.3-43.3.0.1.AXS3.i386.rpm
    MD5: 7c1d7b74ef0280f4d81693c50bfb40b3
    SHA-256: 100e74e56303527d4356deb029a3431488f2d503059313f3a2c274a93be1f8ea
    Size: 91.73 kB

Asianux Server 3 for x86_64
  1. httpd-2.2.3-43.3.0.1.AXS3.x86_64.rpm
    MD5: 3c08affdc6989be11711e03d1b400d29
    SHA-256: 3426bd30674c4b11dfffa1ca017fecf01f77834e8b9f84c602d9d22a959ec242
    Size: 1.11 MB
  2. httpd-devel-2.2.3-43.3.0.1.AXS3.x86_64.rpm
    MD5: 9925cf4b67e581f53dfcef99d03f13b8
    SHA-256: ae5b402ac01edacee956612d728bbf607c101a6b3f9f91c035ad410a81924b60
    Size: 150.53 kB
  3. httpd-manual-2.2.3-43.3.0.1.AXS3.x86_64.rpm
    MD5: 43a8ff05ba2fe027cd02ef36882795ee
    SHA-256: 8c865d5b3ee6b3c875efff2b523170d3de916291bc2c35443b94221bf9464a3e
    Size: 823.31 kB
  4. mod_ssl-2.2.3-43.3.0.1.AXS3.x86_64.rpm
    MD5: a9a5f25b6f16e9eb7a2760b2c55499b3
    SHA-256: 363b3d6a712a98639563419277a8a3c6c9b74ffc7a4bb72dc0d62488128af5aa
    Size: 92.55 kB