httpd-2.2.3-43.3.0.1.AXS3
エラータID: AXSA:2010-433:03
リリース日:
2010/09/06 Monday - 20:35
題名:
httpd-2.2.3-43.3.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Apache HTTP Server の mod_cache および mod_dav モジュールには、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。(CVE-2010-1452)
- Apache HTTP Server の httpd 内にある mod_proxy には、Unix 上で稼働させた際、タイムアウトの検出処理に不備があり、バックエンドの接続を終了しないため、他のクライアントの重要なレスポンスを取得される脆弱性が存在します。
本脆弱性は、CVE-2010-2068 と同様ですが、OS と影響のあるバージョンのセットが異なります。 (CVE-2010-2791)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
CVE-2010-2791
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
追加情報:
N/A
ダウンロード:
SRPMS
- httpd-2.2.3-43.3.0.1.AXS3.src.rpm
MD5: 006794f7209685dc983cbfb10f58588b
SHA-256: 1f83e458f147e9ad5a1fd5950567607bf9b74981e71ac513f6bb52772c690210
Size: 6.22 MB
Asianux Server 3 for x86
- httpd-2.2.3-43.3.0.1.AXS3.i386.rpm
MD5: 0efc1ba937b90f5c3121c5ecbc1b13ca
SHA-256: 0476985fdf31676c4d047fd2a623042b5277745a3c8af209ce50950b4d27e419
Size: 1.10 MB - httpd-devel-2.2.3-43.3.0.1.AXS3.i386.rpm
MD5: 7f0432a1d1c82a230f95ce043c145bb3
SHA-256: 37968776c16ea79f9d84d696c4687647708a2050abb6d9ed2c921056b6cbedd5
Size: 150.58 kB - httpd-manual-2.2.3-43.3.0.1.AXS3.i386.rpm
MD5: 218b6129aae6e1c6e1a841c2f4fa05d8
SHA-256: f33ba41af5e9cb7c7e27d8fa04667b7a35bbe6ac8a4965cfc0afee4a5539306c
Size: 823.24 kB - mod_ssl-2.2.3-43.3.0.1.AXS3.i386.rpm
MD5: 7c1d7b74ef0280f4d81693c50bfb40b3
SHA-256: 100e74e56303527d4356deb029a3431488f2d503059313f3a2c274a93be1f8ea
Size: 91.73 kB
Asianux Server 3 for x86_64
- httpd-2.2.3-43.3.0.1.AXS3.x86_64.rpm
MD5: 3c08affdc6989be11711e03d1b400d29
SHA-256: 3426bd30674c4b11dfffa1ca017fecf01f77834e8b9f84c602d9d22a959ec242
Size: 1.11 MB - httpd-devel-2.2.3-43.3.0.1.AXS3.x86_64.rpm
MD5: 9925cf4b67e581f53dfcef99d03f13b8
SHA-256: ae5b402ac01edacee956612d728bbf607c101a6b3f9f91c035ad410a81924b60
Size: 150.53 kB - httpd-manual-2.2.3-43.3.0.1.AXS3.x86_64.rpm
MD5: 43a8ff05ba2fe027cd02ef36882795ee
SHA-256: 8c865d5b3ee6b3c875efff2b523170d3de916291bc2c35443b94221bf9464a3e
Size: 823.31 kB - mod_ssl-2.2.3-43.3.0.1.AXS3.x86_64.rpm
MD5: a9a5f25b6f16e9eb7a2760b2c55499b3
SHA-256: 363b3d6a712a98639563419277a8a3c6c9b74ffc7a4bb72dc0d62488128af5aa
Size: 92.55 kB