httpd-2.2.15-29.0.1.AXS4
エラータID: AXSA:2013-627:04
リリース日:
2013/09/23 Monday - 19:00
題名:
httpd-2.2.15-29.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Asianux Server 4 for ppc
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Apache HTTP Server の mod_dav.c は適切に DAV が URI に対して有効かどうかを判定せず,MERGE リクエスト中で mod_dav_svn モジュールによって処理するように URL が設定されていますが,XML データ中の特定の href 属性が DAV ではない URI を参照しており,そのような MERGE リクエストによってリモートの攻撃者がサービス拒否 (セグメンテーションフォールト) を引き起こす脆弱性があります。 (CVE-2013-1896)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-1896
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
追加情報:
N/A
ダウンロード:
SRPMS
- httpd-2.2.15-29.0.1.AXS4.src.rpm
MD5: c06639ba5bc1d01937b5777f6dc3223e
SHA-256: 31c7892d9c9f56701e18e2970733e025316da33a67bb03909658e0d2e1767b4d
Size: 6.39 MB
Asianux Server 4 for x86
- httpd-2.2.15-29.0.1.AXS4.i686.rpm
MD5: b8a3db93a13dbdb583f8e5dfa3b43b54
SHA-256: fff3e75daab0a14022f0f25c3167c54391c1a91ecaac0900848e04a39f29c0a2
Size: 827.44 kB - httpd-devel-2.2.15-29.0.1.AXS4.i686.rpm
MD5: dbe58186c9eecf5eba18ecaf16fa9aa7
SHA-256: 7deaf996197c1410f2703da705e0591cb1ad6eb6db571f7dbd29985c6bb06479
Size: 149.73 kB - httpd-tools-2.2.15-29.0.1.AXS4.i686.rpm
MD5: 9a9ccea20155a6a3559d7bc709048412
SHA-256: aae77970fe1553990071e683faf204cdab5699e22313f27f15830b03a8919689
Size: 72.96 kB - mod_ssl-2.2.15-29.0.1.AXS4.i686.rpm
MD5: 1f99af4283fee9d9a492e3b7bbbfdd82
SHA-256: 69b402356e824e116a5c8aa926f8e093cf389cd5d079afd72cb035250f74379e
Size: 90.77 kB - httpd-manual-2.2.15-29.0.1.AXS4.noarch.rpm
MD5: ff0c7f17cced3e8be28e2febc525b2ae
SHA-256: ac1b879f2b37d007220cf1700f49ce6a5081464dd2b699ea0b442748d42cba1e
Size: 783.18 kB
Asianux Server 4 for x86_64
- httpd-2.2.15-29.0.1.AXS4.x86_64.rpm
MD5: 6538f4f750a91248259ef5be97b76a8d
SHA-256: fcc468d4ca4c2c75eb15e229434ffe2e3346a8d337e422503af794749a5093a2
Size: 820.62 kB - httpd-devel-2.2.15-29.0.1.AXS4.x86_64.rpm
MD5: fb9b699f67241b82c9d64e61a457bb1e
SHA-256: b5e34417f7fc30f4f5f8d38b673d03c7d905636b5a77675d7245e5d3a0edf643
Size: 149.27 kB - httpd-tools-2.2.15-29.0.1.AXS4.x86_64.rpm
MD5: 26ab0a2f115efe70c4e1b6a294e293c2
SHA-256: 470b81146b6be5f2f501109f9c19f42efd1d401cb0a628e6c8d63aed8d442bb9
Size: 71.88 kB - mod_ssl-2.2.15-29.0.1.AXS4.x86_64.rpm
MD5: 0db91bb48e7f95ce5b20cb0e8f1a4aa6
SHA-256: 664beadf3429915d4da05041c83a9a10ecb6fc01cfe7da88e9c0c45052b9f579
Size: 89.65 kB - httpd-manual-2.2.15-29.0.1.AXS4.noarch.rpm
MD5: ac5ef3561fcbfcd8cac4f9fae3b516d7
SHA-256: 399d901b635c3f8cd3c65a551485e138d644865c1745937662bcd7822eb95baa
Size: 782.66 kB - httpd-devel-2.2.15-29.0.1.AXS4.i686.rpm
MD5: dbe58186c9eecf5eba18ecaf16fa9aa7
SHA-256: 7deaf996197c1410f2703da705e0591cb1ad6eb6db571f7dbd29985c6bb06479
Size: 149.73 kB