Security update for Apache
SUSE Security Update: Security update for Apache
This update fixes the following issues:
* CVE-2012-4557: Denial of Service via special requests
in mod_proxy_ajp
* CVE-2012-0883: improper LD_LIBRARY_PATH handling
* CVE-2012-2687: filename escaping problem
Additionally, some non-security bugs have been fixed:
* ignore case when checking against SNI server names.
[bnc#798733]
*
httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff
reworked to reflect the upstream changes. This will prevent
the "Invalid URI in request OPTIONS *" messages in the
error log. [bnc#722545]
* new sysconfig variable
APACHE_DISABLE_SSL_COMPRESSION; if set to on,
OPENSSL_NO_DEFAULT_ZLIB will be inherited to the apache
process; openssl will then transparently disable
compression. This change affects start script and sysconfig
fillup template. Default is on, SSL compression disabled.
Please see mod_deflate for compressed transfer at http
layer. [bnc#782956]
Security Issue references:
* CVE-2012-4557
>
* CVE-2012-2687
>
* CVE-2012-0883
>
* CVE-2012-0021
>
| Announcement ID: | SUSE-SU-2013:0389-1 |
| Rating: | low |
| References: | #722545 #757710 #774045 #777260 #782956 #788121 #793004 #798733 |
| Affected Products: |
An update that solves four vulnerabilities and has four fixes is now available.
Description:
This update fixes the following issues:
* CVE-2012-4557: Denial of Service via special requests
in mod_proxy_ajp
* CVE-2012-0883: improper LD_LIBRARY_PATH handling
* CVE-2012-2687: filename escaping problem
Additionally, some non-security bugs have been fixed:
* ignore case when checking against SNI server names.
[bnc#798733]
*
httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff
reworked to reflect the upstream changes. This will prevent
the "Invalid URI in request OPTIONS *" messages in the
error log. [bnc#722545]
* new sysconfig variable
APACHE_DISABLE_SSL_COMPRESSION; if set to on,
OPENSSL_NO_DEFAULT_ZLIB will be inherited to the apache
process; openssl will then transparently disable
compression. This change affects start script and sysconfig
fillup template. Default is on, SSL compression disabled.
Please see mod_deflate for compressed transfer at http
layer. [bnc#782956]
Security Issue references:
* CVE-2012-4557
* CVE-2012-2687
* CVE-2012-0883
* CVE-2012-0021
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-apache2-7409 - SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-apache2-7409 - SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-apache2-7409
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
- apache2-devel-2.2.12-1.36.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
- apache2-2.2.12-1.36.1
- apache2-doc-2.2.12-1.36.1
- apache2-example-pages-2.2.12-1.36.1
- apache2-prefork-2.2.12-1.36.1
- apache2-utils-2.2.12-1.36.1
- apache2-worker-2.2.12-1.36.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
- apache2-2.2.12-1.36.1
- apache2-doc-2.2.12-1.36.1
- apache2-example-pages-2.2.12-1.36.1
- apache2-prefork-2.2.12-1.36.1
- apache2-utils-2.2.12-1.36.1
- apache2-worker-2.2.12-1.36.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
- apache2-2.2.12-1.36.1
- apache2-doc-2.2.12-1.36.1
- apache2-example-pages-2.2.12-1.36.1
- apache2-prefork-2.2.12-1.36.1
- apache2-utils-2.2.12-1.36.1
- apache2-worker-2.2.12-1.36.1
References:
- http://support.novell.com/security/cve/CVE-2012-0021.html
- http://support.novell.com/security/cve/CVE-2012-0883.html
- http://support.novell.com/security/cve/CVE-2012-2687.html
- http://support.novell.com/security/cve/CVE-2012-4557.html
- https://bugzilla.novell.com/722545
- https://bugzilla.novell.com/757710
- https://bugzilla.novell.com/774045
- https://bugzilla.novell.com/777260
- https://bugzilla.novell.com/782956
- https://bugzilla.novell.com/788121
- https://bugzilla.novell.com/793004
- https://bugzilla.novell.com/798733
- http://download.suse.com/patch/finder/?keywords=faf6f499f41597d750ce0aecd251ed2e