httpd-2.2.15-60.4.0.1.AXS4
エラータID: AXSA:2017-1742:03
Release date:
Thursday, July 13, 2017 - 10:39
Subject:
httpd-2.2.15-60.4.0.1.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
Security issues fixed with this release:
CVE-2016-8743
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Fixed bugs:
* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes.
Solution:
Update packages.
CVEs:
CVE-2016-8743
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
Additional Info:
N/A
Download:
SRPMS
- httpd-2.2.15-60.4.0.1.AXS4.src.rpm
MD5: 62858daeb57392faa369447745ce9fa1
SHA-256: 4fe1d0ed2bcad47a3a81443eab51675641b5fb01b02da6c17686ea08bac5943b
Size: 6.49 MB
Asianux Server 4 for x86
- httpd-2.2.15-60.4.0.1.AXS4.i686.rpm
MD5: 83936809804b1b9417131d3d2ced2baa
SHA-256: a0740496509724dee47b277902740c68784919b817ccb127f6194fc1fd99ccb8
Size: 845.81 kB - httpd-devel-2.2.15-60.4.0.1.AXS4.i686.rpm
MD5: 02ea2d10a5554c1652970893e1d9f190
SHA-256: 574773edae2077ee6511fa0eef3ef8f331af8e1c6f83c446b26689dba9b9adb2
Size: 157.34 kB - httpd-manual-2.2.15-60.4.0.1.AXS4.noarch.rpm
MD5: 0cbc9679eb3a67e3efd0b2390abc9139
SHA-256: 20010126b7ff38a3575c8269855bec9fc6bf16b6c0057df34e881cbdb470d135
Size: 791.40 kB - httpd-tools-2.2.15-60.4.0.1.AXS4.i686.rpm
MD5: dea2bafd32f668f0b6242002624d7f25
SHA-256: 12a429eec971f9bc2e7a01f2cac6052add8b275664fc0412629ecc0d6427d777
Size: 80.02 kB - mod_ssl-2.2.15-60.4.0.1.AXS4.i686.rpm
MD5: a1bf8cadb004851a798e2bbbbc0859c2
SHA-256: 19087ec8e1daefec9ab38a4ff4530761675010d293df9ef41ff1d9c33afa95d8
Size: 98.28 kB
Asianux Server 4 for x86_64
- httpd-2.2.15-60.4.0.1.AXS4.x86_64.rpm
MD5: 78069b67abdb9f39131d46449899d85a
SHA-256: e9c009369c5935b77aed37b7da37ee446e5ae354ed859dca76bd38a983d1bfc2
Size: 839.61 kB - httpd-devel-2.2.15-60.4.0.1.AXS4.x86_64.rpm
MD5: 1ea0190fe3b0d01a1250950e283e78f7
SHA-256: c5a251610917712a989d5b6315e66f18a084fc65aa2c8de11e86ea1fb32415a0
Size: 156.88 kB - httpd-manual-2.2.15-60.4.0.1.AXS4.noarch.rpm
MD5: 5681d9f17fe795795794b35df43d2df7
SHA-256: fb84e7df887befab9983e40b6b67a1e667b8611bc25b14f30a37bf4f6c2e2ff0
Size: 790.92 kB - httpd-tools-2.2.15-60.4.0.1.AXS4.x86_64.rpm
MD5: 4a7362d607feded306980560d914c1fd
SHA-256: c000e090fbfd47408d285a6fded979e21b02729c06df57d8faf3434deb39861f
Size: 79.01 kB - mod_ssl-2.2.15-60.4.0.1.AXS4.x86_64.rpm
MD5: b95603fc34daa8414a4a2432fe17d4e5
SHA-256: 5e84a2d6ceac41d4a2dae925d5ab8a44574eaff953755d0176e360981f256c24
Size: 97.20 kB - httpd-devel-2.2.15-60.4.0.1.AXS4.i686.rpm
MD5: 02ea2d10a5554c1652970893e1d9f190
SHA-256: 574773edae2077ee6511fa0eef3ef8f331af8e1c6f83c446b26689dba9b9adb2
Size: 157.34 kB