|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2014-0098: apache2: log_cookie mod_log_config.c remote denial of service | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Roman Drahtmueller <draht> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P2 - High | CC: | david.chenworth, jechristensen, meissner, security-team, smash_bz, stokos |
| Version: | unspecified | Keywords: | DSLA_REQUIRED, DSLA_SOLUTION_PROVIDED |
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/97118/ | ||
| Whiteboard: | maint:released:sle11-sp1:58333 wasL3:41331 maint:released:sle11-sp3:58335 maint:released:sle10-sp3:58334 CVSSv2:NVD:CVE-2014-0098:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2014-0098:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:UNK(Oracle):CVE-2014-0098:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | httpd-2.2.3-CVE-2014-0098.patch | ||
|
Description
Marcus Meissner
2014-03-19 09:53:47 UTC
checked sle11 sp1 apache2 code, problem does not seem to be there.. so probably just opensuse affected. bugbot adjusting priority I take above comment back. redhat has a fix for 2.2, so we probablys need one too. Created attachment 592976 [details]
httpd-2.2.3-CVE-2014-0098.patch
patch from rh
Affected packages: SLE-11-SP3: apache2 *** Bug 874043 has been marked as a duplicate of this bug. *** SLES12 is unaffected (2.4.9). An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2014-07-30. https://swamp.suse.de/webswamp/wf/58158 Affected packages: SLE-11-SP3: apache2 package submit will be superseded (momentarily) by a package with further changes from other bugzillas. This is an autogenerated message for OBS integration: This bug (869106) was mentioned in https://build.opensuse.org/request/show/242399 Evergreen:11.4 / apache2.openSUSE_Evergreen_11.4 SUSE-SU-2014:0967-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 859916,869105,869106,887765,887768 CVE References: CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): apache2-2.2.12-1.46.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): apache2-2.2.12-1.46.1 SUSE Linux Enterprise Server 11 SP3 (src): apache2-2.2.12-1.46.1 openSUSE-SU-2014:0969-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 859916,869105,869106,871309,887765,887768 CVE References: CVE-2013-5705,CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231 Sources used: openSUSE 11.4 (src): apache2-2.2.17-80.1, apache2-mod_security2-2.7.5-16.1 An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-08-26. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58625 openSUSE-SU-2014:1044-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 869105,869106,887765,887767,887768,887771 CVE References: CVE-2013-4352,CVE-2013-6438,CVE-2014-0098,CVE-2014-0117,CVE-2014-0226,CVE-2014-0231 Sources used: openSUSE 13.1 (src): apache2-2.4.6-6.27.1 openSUSE-SU-2014:1045-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 869105,869106,887765,887768 CVE References: CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231 Sources used: openSUSE 12.3 (src): apache2-2.2.22-10.12.1 |