httpd-2.2.15-54.0.1.AXS4
エラータID: AXSA:2016-569:04
Release date:
Wednesday, July 20, 2016 - 18:37
Subject:
httpd-2.2.15-54.0.1.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
Security issues fixed with this release:
CVE-2016-5387
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Solution:
Update packages.
CVEs:
CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
Additional Info:
N/A
Download:
SRPMS
- httpd-2.2.15-54.0.1.AXS4.src.rpm
MD5: 73dd0dcf7d02a5b7ba331055f54e4669
SHA-256: e0b8520e7d98b1d4d8b2a3f5c257305f417ad6d154c3ffa96c9eaa4affc314e2
Size: 6.46 MB
Asianux Server 4 for x86
- httpd-2.2.15-54.0.1.AXS4.i686.rpm
MD5: 7962011d3eac11ba4baaa4cbfaea0634
SHA-256: 2eb74acaf1a529fc61b04af4833e725bfbc9d3fc6e1d7fe68e566e0698553236
Size: 835.02 kB - httpd-devel-2.2.15-54.0.1.AXS4.i686.rpm
MD5: c1d6c53fd3c8d769f3ce4234e4bd3e31
SHA-256: cd5c586db05ca1478d6afe56487b979e4b91b3b7527eacdadd496c103fa9f728
Size: 155.64 kB - httpd-manual-2.2.15-54.0.1.AXS4.noarch.rpm
MD5: 9a1ef45b3b39095f834f5ed4e7668a56
SHA-256: f40e607fb6df94b2ee878cea5c0112f431d89915ea899ab2a2002dfbab4d34e6
Size: 788.62 kB - httpd-tools-2.2.15-54.0.1.AXS4.i686.rpm
MD5: 18d24ce456fb971a5d8126a4aef66e01
SHA-256: d7afaa4e5859dbfe918bfd68f490691574b334ea3e12d3877752c8ae0d338466
Size: 78.73 kB - mod_ssl-2.2.15-54.0.1.AXS4.i686.rpm
MD5: 9abfee7bb6e81367a261734f71df4bd8
SHA-256: d2c2a468910ae170863781361c0d6bebe7a2f09bf16ca23b994be61a7acac031
Size: 96.97 kB
Asianux Server 4 for x86_64
- httpd-2.2.15-54.0.1.AXS4.x86_64.rpm
MD5: cdb3aa792941f939371eeae81850d3f2
SHA-256: d0133a329b563244e690b95144ef144605ec53f718146cd8898cb564fc5d51cb
Size: 834.86 kB - httpd-devel-2.2.15-54.0.1.AXS4.x86_64.rpm
MD5: daee10b78f7b96b790d54495fdb3f84b
SHA-256: edad84f03ec94537f361f8ad8d244b37a565007705d69f67e8bf444c63540e37
Size: 155.17 kB - httpd-manual-2.2.15-54.0.1.AXS4.noarch.rpm
MD5: b200205c2ebeb23cbc60ab225bafe95e
SHA-256: 6590dce561a489e8524ce475ed422139764082e3010f5d91be8611c6a7c1fc81
Size: 788.16 kB - httpd-tools-2.2.15-54.0.1.AXS4.x86_64.rpm
MD5: 4b6db6f1b8541209d8c9c49de90dd550
SHA-256: fb6aff6a4aa348b8bc05c7e0f3aafe3c46f68a7d64b7f3104dfab023e0247ba3
Size: 77.72 kB - mod_ssl-2.2.15-54.0.1.AXS4.x86_64.rpm
MD5: a5436bb4826dfcf732585c5462b6c5ea
SHA-256: f5718845d91bf915c1e06048342137dd9b45dd657ffe8fd0f629776b8e0ee0a7
Size: 95.88 kB - httpd-devel-2.2.15-54.0.1.AXS4.i686.rpm
MD5: c1d6c53fd3c8d769f3ce4234e4bd3e31
SHA-256: cd5c586db05ca1478d6afe56487b979e4b91b3b7527eacdadd496c103fa9f728
Size: 155.64 kB
日本語