httpd-2.2.15-31.0.1.AXS4

エラータID: AXSA:2014-468:02

Release date: 
Monday, July 28, 2014 - 20:29
Subject: 
httpd-2.2.15-31.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

Security issues fixed with this release:

CVE-2014-0118
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

CVE-2014-0231
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

Solution: 

update packages.

CVEs: 
CVE-2014-0118
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
CVE-2014-0231
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.




Additional Info: 

N/A

Download: 

SRPMS
  1. httpd-2.2.15-31.0.1.AXS4.src.rpm
    MD5: a24e4f58a9460ee42f50039923df675f
    SHA-256: f2bdca33ef141e1d07e9bfacc38b3f0747177e0d6958f32ba588429d7c3f1953
    Size: 6.40 MB

Asianux Server 4 for x86
  1. httpd-2.2.15-31.0.1.AXS4.i686.rpm
    MD5: 160dd0d58d7de34026035cbb9e7af60a
    SHA-256: e8165b7f49b97db1d1a3d2aa285c01daf5ff9c1cfc3a0e2017ff2b014b03f2bb
    Size: 826.89 kB
  2. httpd-devel-2.2.15-31.0.1.AXS4.i686.rpm
    MD5: 717e5bdef68e47b90555d590d4ceb36c
    SHA-256: 024e90cee55c64f0704eab83296011a9f87d2f9d6c7043b41399e9a26db1011e
    Size: 150.19 kB
  3. httpd-manual-2.2.15-31.0.1.AXS4.noarch.rpm
    MD5: cbfb50efa16f5b92baa3e949aee6926f
    SHA-256: 23e11fc908bc46878d7b9a9376c7b1844f59ad0e49a27060f4a6dc0dab0cc17e
    Size: 783.41 kB
  4. httpd-tools-2.2.15-31.0.1.AXS4.i686.rpm
    MD5: 4e765041bc0aa952f116637664bc8949
    SHA-256: 9f709d0d252bb59dd61d0821daa4ab15538e8147a7f3e7e26415d1d2509d946e
    Size: 73.33 kB
  5. mod_ssl-2.2.15-31.0.1.AXS4.i686.rpm
    MD5: 2983ea4dc446d277f2d7e05e794e0584
    SHA-256: 37b1bba63d4a54648ebd9c73f36fe660b24cb79097f908b45e30e42c0148fedf
    Size: 91.27 kB

Asianux Server 4 for x86_64
  1. httpd-2.2.15-31.0.1.AXS4.x86_64.rpm
    MD5: 14ed7fb1a0e57530b8dc5d35c65a0ee8
    SHA-256: 6fe2ff293db3e5b796ebd449f18895de5fb06fe0807e8e310937e0faec7eb4fa
    Size: 822.64 kB
  2. httpd-devel-2.2.15-31.0.1.AXS4.x86_64.rpm
    MD5: 8af4ea80f6a85a0332d674120d2cbf8e
    SHA-256: 777f3a00c94fb6d769e3c6354658e8564215ab0298a0ad9642a3113b3f691bea
    Size: 149.71 kB
  3. httpd-manual-2.2.15-31.0.1.AXS4.noarch.rpm
    MD5: eed9fb476d62fe6e95bd8d2a2c216fd0
    SHA-256: 30029b8dd6018f01fe20a795ac56ad426a19708f747c28f8835a184981afd460
    Size: 782.89 kB
  4. httpd-tools-2.2.15-31.0.1.AXS4.x86_64.rpm
    MD5: 6fac19cce77619b288442fb2f2fc6d4a
    SHA-256: ba02d7f4c7bdf722c62e267ff82b5fc336dcad052ae14c2c49ee8f64506b609b
    Size: 72.27 kB
  5. mod_ssl-2.2.15-31.0.1.AXS4.x86_64.rpm
    MD5: 36f6953cd9a43e263edbb09bc0c95482
    SHA-256: 34b78df466de2829471f9e1f356376366bff9ccc5fa7caaada987441f5e81a62
    Size: 89.84 kB
  6. httpd-devel-2.2.15-31.0.1.AXS4.i686.rpm
    MD5: 717e5bdef68e47b90555d590d4ceb36c
    SHA-256: 024e90cee55c64f0704eab83296011a9f87d2f9d6c7043b41399e9a26db1011e
    Size: 150.19 kB