Bugzilla – Bug 716634
VUL-0: CVE-2011-3192: apache2: remote denial of service
Last modified: 2011-12-13 09:00:50 UTC
+++ This bug was initially created as a clone of internal tracker Bug #713966,
as that one had private customer information +++
There was a posting on full-disclosure recently about an apache2 remote denial of service vulnerability, see:
Apache 2.2, 2.0 and 1.3 are affected, so all shipping Apache versions on our product.
Apache updates for:
SUSE Linux Enterprise 11 SP1
SUSE Linux Enterprise 10 SP3
SUSE Linux Enterprise 10 SP4
were released, please see http://support.novell.com/security/cve/CVE-2011-3192.html for the released versions.
- Apply one of the various filtering suggestions from the Apache project:
- Restrict the ulimit of the apache processes to avoid running the system
out of memory. This requires usage of a forking Apache worker, like apache2-prefork.