Bug 586572 - (CVE-2010-0408) VUL-0: CVE-2010-0408 CVE-2010-0434: apache2: New security fixes in apache 2.2.15
(CVE-2010-0408)
VUL-0: CVE-2010-0408 CVE-2010-0434: apache2: New security fixes in apache 2.2.15
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Linux
: P2 - High : Major
: ---
Assigned To: Roman Drahtmueller
E-mail List
maint:released:11.0:32659 maint:relea...
:
Depends on:
Blocks: 601151
  Show dependency treegraph
 
Reported: 2010-03-09 11:04 UTC by Sebastian Krahmer
Modified: 2018-10-02 17:37 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2010-03-09 11:04:13 UTC
There seem to be new security fixes in the new apache release:

http://apache.linux-mirror.org/httpd/CHANGES_2.2.15

in particular CVE-2010-0408, CVE-2010-0425 and CVE-2010-0434
which seem to be unhandled by the previous bugzilla entries.
Comment 1 Roman Drahtmueller 2010-03-09 11:07:03 UTC
Yup. Thanks.

Unfortunately, a backport of SSLInsecureRenegotiation introduces a dependency to http://bugzilla.novell.com/show_bug.cgi?id=584292 .
Comment 2 Ludwig Nussel 2010-03-11 09:59:15 UTC
CVE-2010-0425 is windows specific

======================================================
Name: CVE-2010-0408

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apa
che HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations 
in which a client sends no request body, which allows remote attackers to cause 
a denial of service (backend server outage) via a crafted request, related to us
e of a 500 error code instead of the appropriate 400 error code.
            

Reference: CONFIRM: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modu
les/proxy/mod_proxy_ajp.c?r1=917876&r2=917875&pathrev=917876
Reference: CONFIRM: http://httpd.apache.org/security/vulnerabilities_22.html
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=569905
Reference: BID: http://www.securityfocus.com/bid/38491
Reference: MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2010
:053
Reference: CONFIRM: http://svn.apache.org/viewvc?view=revision&revision=917876



======================================================
Name: CVE-2010-0434

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.
x before 2.2.15, when a multithreaded MPM is used, does not properly handle head
ers in subrequests in certain circumstances involving a parent request that has 
a body, which might allow remote attackers to obtain sensitive information via a
 crafted request that triggers access to memory locations associated with an ear
lier request.
        
        

Reference: CONFIRM: http://httpd.apache.org/security/vulnerabilities_22.html
Reference: CONFIRM: https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=570171
Reference: XF: http://xforce.iss.net/xforce/xfdb/56625
Reference: BID: http://www.securityfocus.com/bid/38494
Reference: CONFIRM: http://svn.apache.org/viewvc?view=revision&revision=918427
Reference: CONFIRM: http://svn.apache.org/viewvc?view=revision&revision=917867
Reference: CONFIRM: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/serv
er/protocol.c?r1=917617&r2=917867&pathrev=917867&diff_format=h
Comment 4 Roman Drahtmueller 2010-04-12 13:44:08 UTC
sles9 unaffected, all other products fixed by submitted packages.
Comment 5 Ludwig Nussel 2010-04-13 12:31:10 UTC
You've only submitted a fix for the MPM bug but not for the ajp stuff
Comment 6 Swamp Workflow Management 2010-04-26 12:34:38 UTC
Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-event-debuginfo, apache2-example-certificates, apache2-example-pages, apache2-itk, apache2-itk-debuginfo, apache2-prefork, apache2-prefork-debuginfo, apache2-utils, apache2-utils-debuginfo, apache2-worker, apache2-worker-debuginfo
Products:
openSUSE 11.0 (debug, i386, ppc, x86_64)
openSUSE 11.1 (debug, i586, ppc, x86_64)
openSUSE 11.2 (debug, i586, x86_64)
Comment 7 Ludwig Nussel 2010-04-26 12:36:33 UTC
released
Comment 8 Swamp Workflow Management 2010-04-27 08:30:04 UTC
Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-utils, apache2-worker
Products:
SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)
Comment 9 Swamp Workflow Management 2010-04-27 08:30:24 UTC
Update released for: apache2, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-DEBUGINFO 10-SP2 (i386, ia64, ppc, s390x, x86_64)
SLE-SDK 10-SP2 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP2 (i386, ia64, ppc, s390x, x86_64)
Comment 10 Swamp Workflow Management 2010-04-27 08:30:48 UTC
Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)