httpd-2.2.3-22.2.1AXS3
Errata ID: AXSA:2009-77:02
Release date:
2009/07/22 Wednesday - 11:19
Title:
httpd-2.2.3-22.2.1AXS3
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
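The following issues have been addressed.
[Security Fix]
- The stream_reqbody_cl function in the mod_proxy module of the Apache HTTP Server does not properly handle an amount of streamed data that exceeds the Content-Length value when a reverse proxy is configured. (CVE-2009-1890)
- The mod_deflate module in Apache httpd continues to compress large files until completion even after the network connection has been closed, which allows remote attackers to cause a denial of service (CPU consumption). (CVE-2009-1891)
Some of the CVE translations are quoted from JVN.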
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2009-1890
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
CVE-2009-1891
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
Additional information:
N/A
Downloads:
SRPMS
- httpd-2.2.3-22.2.1AXS3.src.rpm
MD5: 4bd8a631e8dd3d78639cc0e0d0293828
SHA-256: 510b7b4212480e988f9814f53ab85a9b3ffdf4ad289afeddb83beb03836b5bc7
Size: 6.19 MB
Asianux Server 3 for x86
- httpd-2.2.3-22.2.1AXS3.i386.rpm
MD5: 7aa7c133a52447d3117b3e93e904864f
SHA-256: 59054e2e0cf9c7bfbf56a9eabae298de05c2110a9d349cdd76059355602d7a5f
Size: 1.09 MB
- httpd-devel-2.2.3-22.2.1AXS3.i386.rpm
MD5: 4e043bf70a14fffe09ad6521343171e1
SHA-256: e78f416c216037d12e4089003a9c56631979e8d45b8c7e2c75c584a2ed65d562
Size: 150.42 kB
- httpd-manual-2.2.3-22.2.1AXS3.i386.rpm
MD5: d22d85818f40273b5ec2cec2ea86c523
SHA-256: c3b95fd8205de5cb9aeec4f512989502ff4a37c2b29cb42c5e4e57ab060d6432
Size: 843.48 kB
- mod_ssl-2.2.3-22.2.1AXS3.i386.rpm
MD5: 0df1e7fcffaa1a7dd1004c7e8d63ae91
SHA-256: a085831314b415aac2e0207f4a404cdcf28a9ce7a9af48e1ea63454d8d66fd24
Size: 87.35 kB
Asianux Server 3 for x86_64
- httpd-2.2.3-22.2.1AXS3.x86_64.rpm
MD5: 9c60917e2c8e661d9ea3fa67c7af2ca5
SHA-256: d7be0da1e0ebf124d4d1013ad6f1df9b22646bcb1081738d064461845951da72
Size: 1.10 MB
- httpd-devel-2.2.3-22.2.1AXS3.x86_64.rpm
MD5: acbe67005d6cd38659721988b9ace932
SHA-256: 17ce59925ad4d9d9c95eea7254852634a21badd73e081d14b5b7f5a7965f06e9
Size: 150.46 kB
- httpd-manual-2.2.3-22.2.1AXS3.x86_64.rpm
MD5: 83f67ab9a391bf97f330a7e7af72f1ef
SHA-256: f5a44856f5c6a04f6d3b1c18fcf1a1b5f9b07f2c9e16885bebca43c461e9f647
Size: 843.29 kB
- mod_ssl-2.2.3-22.2.1AXS3.x86_64.rpm
MD5: 27f888f420e54242e58862e0256918e2
SHA-256: 9057c987164d6eb5cd3593324a6ec805c978be4758664c81faaf6a4a5f19f3aa
Size: 88.02 kB