SUSE-SU-2013:1381-1: moderate: Security update for Apache2
sle-security-updates at lists.suse.com
Mon Aug 26 09:04:10 MDT 2013
SUSE Security Update: Security update for Apache2
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1381-1
Rating: moderate
References: #791794 #815621 #829056 #829057
Cross-References: CVE-2013-1862 CVE-2013-1896
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________
An update that solves two vulnerabilities and has two fixes
is now available.
Description:
This collective update for Apache provides the following
fixes:
*
Make sure that input that has already arrived on the
socket is not discarded during a non-blocking read (read(2)
returns 0 and errno is set to -EAGAIN). (bnc#815621)
*
Close the connection just before an attempted
re-negotiation if data has been read with pipelining. This
is done by resetting the keepalive status. (bnc#815621)
*
Reset the renegotiation status of a client<->server
connection to RENEG_INIT to prevent falsely assumed status.
(bnc#791794)
*
"OPTIONS *" internal requests are intercepted by a
dummy filter that kicks in for the OPTIONS method. Apple
iPrint uses "OPTIONS *" to upgrade the connection to
TLS/1.0 following RFC 2817. For compatibility, check if an
Upgrade request header is present and skip the filter if
yes. (bnc#791794)
*
Sending a MERGE request against a URI handled by
mod_dav_svn with the source href (sent as part of the
request body as XML) pointing to a URI that is not
configured for DAV will trigger a segfault. (bnc#829056,
CVE-2013-1896)
*
Client data written to the RewriteLog must have
terminal escape sequences escaped. (bnc#829057,
CVE-2013-1862)
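The RewriteLog item above (CVE-2013-1862) comes down to escaping client-supplied bytes before they reach a log that may be viewed in a terminal. The following C sketch is an added illustration, not code from this advisory or from the Apache patch; the names log_escape and has_raw_control and the sample request line are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Apache's code: copy src to dst, writing control
 * bytes, DEL and non-ASCII bytes as \xHH and backslash as \\, so a terminal
 * displaying the log never receives a raw ESC (0x1b). Returns the escaped
 * length, or (size_t)-1 if dst is too small. */
size_t log_escape(char *dst, size_t dstlen, const char *src, size_t srclen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        size_t need = (c == '\\') ? 2 : (c < 0x20 || c >= 0x7f) ? 4 : 1;
        if (need >= dstlen || o >= dstlen - need)   /* keep room for NUL */
            return (size_t)-1;
        if (need == 2) {
            dst[o++] = '\\'; dst[o++] = '\\';
        } else if (need == 4) {
            dst[o++] = '\\'; dst[o++] = 'x';
            dst[o++] = hex[c >> 4]; dst[o++] = hex[c & 0x0f];
        } else {
            dst[o++] = (char)c;
        }
    }
    if (o >= dstlen) return (size_t)-1;
    dst[o] = '\0';
    return o;
}

/* Audit helper: 1 if a log line holds a raw control byte other than tab. */
int has_raw_control(const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        if ((c < 0x20 && c != '\t') || c == 0x7f) return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: request line carrying an ANSI clear-screen sequence. */
    const char req[] = "GET /a\x1b[2J HTTP/1.1";
    char out[128];
    if (log_escape(out, sizeof out, req, strlen(req)) != (size_t)-1)
        printf("raw has control bytes: %d\nlogged as: %s\n",
               has_raw_control(req, strlen(req)), out);
    return 0;
}
```

has_raw_control can also be run over lines of a RewriteLog written before the update to find entries that should not be displayed unfiltered in a terminal.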
Security Issue references:
* CVE-2013-1896
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896>
* CVE-2013-1862
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-apache2-8138
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-apache2-8137
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-apache2-8138
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-apache2-8138
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-apache2-8137
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-apache2-8137
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
apache2-devel-2.2.12-1.40.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
apache2-2.2.12-1.40.1
apache2-doc-2.2.12-1.40.1
apache2-example-pages-2.2.12-1.40.1
apache2-prefork-2.2.12-1.40.1
apache2-utils-2.2.12-1.40.1
apache2-worker-2.2.12-1.40.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
apache2-devel-2.2.12-1.40.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
apache2-2.2.12-1.40.1
apache2-doc-2.2.12-1.40.1
apache2-example-pages-2.2.12-1.40.1
apache2-prefork-2.2.12-1.40.1
apache2-utils-2.2.12-1.40.1
apache2-worker-2.2.12-1.40.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
apache2-2.2.12-1.40.1
apache2-doc-2.2.12-1.40.1
apache2-example-pages-2.2.12-1.40.1
apache2-prefork-2.2.12-1.40.1
apache2-utils-2.2.12-1.40.1
apache2-worker-2.2.12-1.40.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
apache2-2.2.12-1.40.1
apache2-doc-2.2.12-1.40.1
apache2-example-pages-2.2.12-1.40.1
apache2-prefork-2.2.12-1.40.1
apache2-utils-2.2.12-1.40.1
apache2-worker-2.2.12-1.40.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
apache2-2.2.12-1.40.1
apache2-doc-2.2.12-1.40.1
apache2-example-pages-2.2.12-1.40.1
apache2-prefork-2.2.12-1.40.1
apache2-utils-2.2.12-1.40.1
apache2-worker-2.2.12-1.40.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
apache2-2.2.12-1.40.1
apache2-doc-2.2.12-1.40.1
apache2-example-pages-2.2.12-1.40.1
apache2-prefork-2.2.12-1.40.1
apache2-utils-2.2.12-1.40.1
apache2-worker-2.2.12-1.40.1
References:
http://support.novell.com/security/cve/CVE-2013-1862.html
http://support.novell.com/security/cve/CVE-2013-1896.html
https://bugzilla.novell.com/791794
https://bugzilla.novell.com/815621
https://bugzilla.novell.com/829056
https://bugzilla.novell.com/829057
http://download.novell.com/patch/finder/?keywords=106ec7308fc7232703cf87a5a41c5c46
http://download.novell.com/patch/finder/?keywords=a26f350e03bfdb5e4f778c3a5f45a1ad