Bugzilla – Bug 1045060
VUL-0: CVE-2017-7679: apache2: httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can buffer over-read
Last modified: 2017-10-30 18:22:02 UTC
CVE-2017-7679 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mimecan read one byte past the end of a buffer when sending a maliciousContent-Type response header. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7679 http://seclists.org/oss-sec/2017/q2/509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679 https://www.apache.org/dist/httpd/patches/apply_to_2.2.32/CVE-2017-7679.patch
2.4 commit http://svn.apache.org/viewvc?view=revision&revision=1797653 2.2 commit http://svn.apache.org/viewvc?view=revision&revision=1799235
According to upstream info page, affected are all versions we maintain, that means: 12sp2/apache2: fixed 11sp1/apache2: fixed by version update to 2.2.33 10sp3/apache2: fixed
Testsuites in home:pgajdos:apache-test:after succeded. Packages submitted.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2017-07-11. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63713
SUSE-SU-2017:1714-1: An update that solves three vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1035829,1041830,1045060,1045062,1045065 CVE References: CVE-2017-3167,CVE-2017-3169,CVE-2017-7679 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP2 (src): apache2-2.4.23-28.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): apache2-2.4.23-28.1 SUSE Linux Enterprise Server 12-SP2 (src): apache2-2.4.23-28.1
openSUSE-SU-2017:1803-1: An update that solves three vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1035829,1041830,1045060,1045062,1045065 CVE References: CVE-2017-3167,CVE-2017-3169,CVE-2017-7679 Sources used: openSUSE Leap 42.2 (src): apache2-2.4.23-8.6.1
fixed
Packages submitted.
SUSE-SU-2017:2449-1: An update that solves four vulnerabilities and has four fixes is now available. Category: security (moderate) Bug References: 1035829,1041830,1043484,1043607,1045060,1045062,1045065,1048576 CVE References: CVE-2017-3167,CVE-2017-3169,CVE-2017-7679,CVE-2017-9788 Sources used: SUSE OpenStack Cloud 6 (src): apache2-2.4.16-20.10.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): apache2-2.4.16-20.10.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): apache2-2.4.16-20.10.1
SUSE-SU-2017:2756-1: An update that solves 5 vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1035829,1041830,1045060,1045062,1045065,1048576,1058058,980663 CVE References: CVE-2017-3167,CVE-2017-3169,CVE-2017-7679,CVE-2017-9788,CVE-2017-9798 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): apache2-2.4.10-14.28.1
SUSE-SU-2017:2907-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1045060,1045061,1045062,1045065,1052830,1058058,1064561 CVE References: CVE-2009-2699,CVE-2010-0425,CVE-2012-0021,CVE-2014-0118,CVE-2017-3167,CVE-2017-3169,CVE-2017-7668,CVE-2017-7679,CVE-2017-9798 Sources used: SUSE Studio Onsite 1.3 (src): apache2-2.2.34-70.12.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): apache2-2.2.34-70.12.1 SUSE Linux Enterprise Server 11-SP4 (src): apache2-2.2.34-70.12.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): apache2-2.2.34-70.12.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): apache2-2.2.34-70.12.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): apache2-2.2.34-70.12.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): apache2-2.2.34-70.12.1