httpd-2.2.3-22.1.1AXS3
Errata ID: AXSA:2009-63:01
Release date:
2009/06/10 Wednesday - 14:03
Title:
httpd-2.2.3-22.1.1AXS3
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The zlib_stateful_init function in crypto/comp/c_zlib.c in OpenSSL's libssl does not correctly handle a large number of calls, resulting in a denial-of-service (DoS) vulnerability. (CVE-2008-1678)
- The Apache HTTP Server does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows a local user to gain privileges by configuring a .htaccess file. (CVE-2009-1195)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2008-1678
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
CVE-2009-1195
The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Additional information:
N/A
Download:
SRPMS
- httpd-2.2.3-22.1.1AXS3.src.rpm
Size: 6.18 MB
Asianux Server 3 for x86
- httpd-2.2.3-22.1.1AXS3.i386.rpm
Size: 1.09 MB
- httpd-devel-2.2.3-22.1.1AXS3.i386.rpm
Size: 150.18 kB
- httpd-manual-2.2.3-22.1.1AXS3.i386.rpm
Size: 842.64 kB
- mod_ssl-2.2.3-22.1.1AXS3.i386.rpm
Size: 87.66 kB
Asianux Server 3 for x86_64
- httpd-2.2.3-22.1.1AXS3.x86_64.rpm
Size: 1.10 MB
- httpd-devel-2.2.3-22.1.1AXS3.x86_64.rpm
Size: 149.90 kB
- httpd-manual-2.2.3-22.1.1AXS3.x86_64.rpm
Size: 842.87 kB
- mod_ssl-2.2.3-22.1.1AXS3.x86_64.rpm
Size: 88.05 kB