httpd-2.2.3-78.0.1.AXS3

エラータID: AXSA:2013-441:02

Release date: 
Thursday, May 16, 2013 - 12:09
Subject: 
httpd-2.2.3-78.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The Apache HTTP Server is a powerful, efficient, and extensible web server.

Security issues fixed with this release:

• CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

• CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.

• CVE-2013-1862
No information available at the time of writing, please use the CVE link below.

Solution: 

Update packages.

CVEs: 
CVE-2012-3499
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
CVE-2013-1862
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.




Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.2.3-78.0.1.AXS3.src.rpm
    MD5: 66b4f9e43aacc40f05b2b23933ba1389
    SHA-256: 254d0118a60af569f330bbbf2cbedae7bbcfec3f063f1a59a492c49f4f42a1ed
    Size: 6.29 MB

Asianux Server 3 for x86
  1. httpd-2.2.3-78.0.1.AXS3.i386.rpm
    MD5: 54e3b9a9071aa7beda6e41c2d6b4906b
    SHA-256: 3f08ecbbe3e9dcfd656fa647286d18ad446d88c042028ab7badb24c9d87362fd
    Size: 1.13 MB
  2. httpd-devel-2.2.3-78.0.1.AXS3.i386.rpm
    MD5: b4d354f99bd407cfe49f1208c66c1432
    SHA-256: 2ec1a30cadf15ae54c7c1b863fb16e064e0cdd9150f0a22b0460903bb34bc885
    Size: 156.50 kB
  3. httpd-manual-2.2.3-78.0.1.AXS3.i386.rpm
    MD5: 34383def99514eb2463cb8aab7a4281b
    SHA-256: 426b9eeccb36e4a232bb34f1242debb41b9b2894ba773dee37631f0462261fae
    Size: 827.92 kB
  4. mod_ssl-2.2.3-78.0.1.AXS3.i386.rpm
    MD5: c7cc028985bd1d6b45570fe6d2b98697
    SHA-256: 3e771d2f348c6c8bc106b4222fd3ceb4fc81ce6968e2f6a112d64c426c04f462
    Size: 96.98 kB

Asianux Server 3 for x86_64
  1. httpd-2.2.3-78.0.1.AXS3.x86_64.rpm
    MD5: f9058b0191246664ccd16b25772ade4c
    SHA-256: 60efc17155d646189e2eca17a8e63949411af9a9826c4cf52f8815875e420319
    Size: 1.14 MB
  2. httpd-devel-2.2.3-78.0.1.AXS3.x86_64.rpm
    MD5: 2e79ea78fe7749002eca6b8428a0c072
    SHA-256: 8ee13e4b0661aec8dd9e4c3de08707d034e9e61c1961aa968212f0289a47eea4
    Size: 156.43 kB
  3. httpd-manual-2.2.3-78.0.1.AXS3.x86_64.rpm
    MD5: f0b2fd37a3acb20c7feebea10eaaa804
    SHA-256: 3a3e8cc01bb6f395e6c7dfd3c25d8c5e9916c11f5e5c06eaaabe0d7d255502ed
    Size: 827.69 kB
  4. mod_ssl-2.2.3-78.0.1.AXS3.x86_64.rpm
    MD5: cedc02da7e944c3f6df5372c6d40fa9c
    SHA-256: bea2366b4430d4c6f446f0f30c547871018e7669150e12cef866ae1bdf6ad815
    Size: 97.80 kB