Bug 887768 - (CVE-2014-0231) VUL-0: CVE-2014-0231: apache2: mod_cgid denial of service
(CVE-2014-0231)
VUL-0: CVE-2014-0231: apache2: mod_cgid denial of service
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Roman Drahtmueller
Security Team bot
https://smash.suse.de/issue/103731/
maint:released:sle11-sp1:58333 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-07-17 13:44 UTC by Victor Pereira
Modified: 2014-09-02 14:08 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2014-07-17 13:44:31 UTC
CVE-2014-0231

A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1120596
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
Comment 1 Swamp Workflow Management 2014-07-17 22:02:25 UTC
bugbot adjusting priority
Comment 3 Roman Drahtmueller 2014-07-22 14:02:15 UTC
upstream changeset: http://svn.apache.org/r1610509
Comment 4 Roman Drahtmueller 2014-07-22 14:05:20 UTC
...and part one of the two-parts changeset:
http://svn.apache.org/r1535125
Comment 6 Bernhard Wiedemann 2014-07-25 16:00:39 UTC
This is an autogenerated message for OBS integration:
This bug (887768) was mentioned in
https://build.opensuse.org/request/show/242399 Evergreen:11.4 / apache2.openSUSE_Evergreen_11.4
Comment 7 SMASH SMASH 2014-07-29 06:30:12 UTC
Affected packages:

SLE-10-SP3-TERADATA: apache2
SLE-9-SP3-TERADATA: apache2
Comment 9 Swamp Workflow Management 2014-08-06 23:05:17 UTC
SUSE-SU-2014:0967-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 859916,869105,869106,887765,887768
CVE References: CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    apache2-2.2.12-1.46.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    apache2-2.2.12-1.46.1
SUSE Linux Enterprise Server 11 SP3 (src):    apache2-2.2.12-1.46.1
Comment 10 Swamp Workflow Management 2014-08-07 21:05:26 UTC
openSUSE-SU-2014:0969-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 859916,869105,869106,871309,887765,887768
CVE References: CVE-2013-5705,CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231
Sources used:
openSUSE 11.4 (src):    apache2-2.2.17-80.1, apache2-mod_security2-2.7.5-16.1
Comment 11 Swamp Workflow Management 2014-08-19 14:12:21 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-08-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58625
Comment 12 Swamp Workflow Management 2014-08-20 17:07:50 UTC
openSUSE-SU-2014:1044-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 869105,869106,887765,887767,887768,887771
CVE References: CVE-2013-4352,CVE-2013-6438,CVE-2014-0098,CVE-2014-0117,CVE-2014-0226,CVE-2014-0231
Sources used:
openSUSE 13.1 (src):    apache2-2.4.6-6.27.1
Comment 13 Swamp Workflow Management 2014-08-20 17:08:45 UTC
openSUSE-SU-2014:1045-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 869105,869106,887765,887768
CVE References: CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231
Sources used:
openSUSE 12.3 (src):    apache2-2.2.22-10.12.1
Comment 14 Marcus Meissner 2014-09-02 12:01:03 UTC
was released today