httpd-2.4.6-67.5.0.1.el7.AXS7
エラータID: AXSA:2017-2357:03
リリース日:
2017/10/25 Wednesday - 10:38
題名:
httpd-2.4.6-67.5.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Apache httpd には,Limit ディレクティブがユーザの .htaccess ファイル
で設定されうる,あるいは httpd.conf で設定が誤っている場合,攻撃者が
機密データを読み込む脆弱性、別名 Optionsbleed があります。(CVE-2017-9798)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
追加情報:
N/A
ダウンロード:
SRPMS
- httpd-2.4.6-67.5.0.1.el7.AXS7.src.rpm
MD5: e684021e680cab27a3e6ebbad7a5d7e9
SHA-256: 9702c40b51978766d86e5a851fb5d798116414d8fed893498d37839b3038cb2f
Size: 4.92 MB
Asianux Server 7 for x86_64
- httpd-2.4.6-67.5.0.1.el7.AXS7.x86_64.rpm
MD5: 79ed27732e6d99539488443ce039e1d1
SHA-256: 53e2a161fc71af7fe134f103bd89978354f75fa5c8727e5ad4e5c0a1041e819f
Size: 1.18 MB - httpd-devel-2.4.6-67.5.0.1.el7.AXS7.x86_64.rpm
MD5: 652e4e620f1cc7260a12e8d5b062633a
SHA-256: 4aefcdbb684426278c81aa33f26d2297348bfc2047a801f82a0911f24bb0cd52
Size: 192.91 kB - httpd-manual-2.4.6-67.5.0.1.el7.AXS7.noarch.rpm
MD5: 4cc383d419292560ecf48a1a31312840
SHA-256: 30cfee6b3cd8b806347147dbcf15ad9f3f7d0ca593e513aca465fac90fd7c8ff
Size: 1.34 MB - httpd-tools-2.4.6-67.5.0.1.el7.AXS7.x86_64.rpm
MD5: a1452071496a5fd474b721cb42a34525
SHA-256: 754b9eba6ff1f834e6bea5c44f2f699852a4bd130f279ffea08b263e995ea2fd
Size: 86.84 kB - mod_session-2.4.6-67.5.0.1.el7.AXS7.x86_64.rpm
MD5: 6c1f1d1f6bcce91a932afeb028c5cc52
SHA-256: dca788fb2a244989274518a19b55ad61d7531d5ff97d332e31e17f92bd3e8b10
Size: 57.11 kB - mod_ssl-2.4.6-67.5.0.1.el7.AXS7.x86_64.rpm
MD5: be74f5f799ef7bb67b02e7045534c962
SHA-256: bbe51261fb1832f4eb8c15cf889ba9dbe3e33f4d852add07c185de06883a2e1d
Size: 108.16 kB
English