Bug 586572 – VUL-0: CVE-2010-0408 CVE-2010-0434: apache2: New security fixes in apache 2.2.15

Bug 586572 - (CVE-2010-0408) VUL-0: CVE-2010-0408 CVE-2010-0434: apache2: New security fixes in apache 2.2.15

(CVE-2010-0408)
Summary:	VUL-0: CVE-2010-0408 CVE-2010-0434: apache2: New security fixes in apache 2.2.15

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	General
Version:	unspecified
Hardware:	Other Linux

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assigned To:	Roman Drahtmueller
QA Contact:	E-mail List

URL:
Whiteboard:	maint:released:11.0:32659 maint:relea...
Keywords:

Depends on:
Blocks:	601151
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2010-03-09 11:04 UTC by Sebastian Krahmer
Modified:	2018-10-02 17:37 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2010-03-09 11:04:13 UTC

There seem to be new security fixes in the new apache release:

http://apache.linux-mirror.org/httpd/CHANGES_2.2.15

in particular CVE-2010-0408, CVE-2010-0425 and CVE-2010-0434
which seem to be unhandled by the previous bugzilla entries.

Comment 1 Roman Drahtmueller 2010-03-09 11:07:03 UTC

Yup. Thanks.

Unfortunately, a backport of SSLInsecureRenegotiation introduces a dependency to http://bugzilla.novell.com/show_bug.cgi?id=584292 .

Comment 2 Ludwig Nussel 2010-03-11 09:59:15 UTC

CVE-2010-0425 is windows specific

======================================================
Name: CVE-2010-0408

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apa
che HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations 
in which a client sends no request body, which allows remote attackers to cause 
a denial of service (backend server outage) via a crafted request, related to us
e of a 500 error code instead of the appropriate 400 error code.
            

Reference: CONFIRM: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modu
les/proxy/mod_proxy_ajp.c?r1=917876&r2=917875&pathrev=917876
Reference: CONFIRM: http://httpd.apache.org/security/vulnerabilities_22.html
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=569905
Reference: BID: http://www.securityfocus.com/bid/38491
Reference: MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2010
:053
Reference: CONFIRM: http://svn.apache.org/viewvc?view=revision&revision=917876



======================================================
Name: CVE-2010-0434

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.
x before 2.2.15, when a multithreaded MPM is used, does not properly handle head
ers in subrequests in certain circumstances involving a parent request that has 
a body, which might allow remote attackers to obtain sensitive information via a
 crafted request that triggers access to memory locations associated with an ear
lier request.
        
        

Reference: CONFIRM: http://httpd.apache.org/security/vulnerabilities_22.html
Reference: CONFIRM: https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=570171
Reference: XF: http://xforce.iss.net/xforce/xfdb/56625
Reference: BID: http://www.securityfocus.com/bid/38494
Reference: CONFIRM: http://svn.apache.org/viewvc?view=revision&revision=918427
Reference: CONFIRM: http://svn.apache.org/viewvc?view=revision&revision=917867
Reference: CONFIRM: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/serv
er/protocol.c?r1=917617&r2=917867&pathrev=917867&diff_format=h

Comment 4 Roman Drahtmueller 2010-04-12 13:44:08 UTC

sles9 unaffected, all other products fixed by submitted packages.

Comment 5 Ludwig Nussel 2010-04-13 12:31:10 UTC

You've only submitted a fix for the MPM bug but not for the ajp stuff

Comment 6 Swamp Workflow Management 2010-04-26 12:34:38 UTC

Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-event-debuginfo, apache2-example-certificates, apache2-example-pages, apache2-itk, apache2-itk-debuginfo, apache2-prefork, apache2-prefork-debuginfo, apache2-utils, apache2-utils-debuginfo, apache2-worker, apache2-worker-debuginfo
Products:
openSUSE 11.0 (debug, i386, ppc, x86_64)
openSUSE 11.1 (debug, i586, ppc, x86_64)
openSUSE 11.2 (debug, i586, x86_64)

Comment 7 Ludwig Nussel 2010-04-26 12:36:33 UTC

released

Comment 8 Swamp Workflow Management 2010-04-27 08:30:04 UTC

Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-utils, apache2-worker
Products:
SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)

Comment 9 Swamp Workflow Management 2010-04-27 08:30:24 UTC

Update released for: apache2, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-DEBUGINFO 10-SP2 (i386, ia64, ppc, s390x, x86_64)
SLE-SDK 10-SP2 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP2 (i386, ia64, ppc, s390x, x86_64)

Comment 10 Swamp Workflow Management 2010-04-27 08:30:48 UTC

Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker
Products:
SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)