SUSE-SU-2013:0389-1: Security update for Apache

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Mar 4 15:04:33 MST 2013


   SUSE Security Update: Security update for Apache
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0389-1
Rating:             low
References:         #722545 #757710 #774045 #777260 #782956 #788121 
                    #793004 #798733 
Cross-References:   CVE-2012-0021 CVE-2012-0883 CVE-2012-2687
                    CVE-2012-4557
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that solves four vulnerabilities and has four
   fixes is now available.

Description:


   This update fixes the following issues:

   * CVE-2012-4557: Denial of Service via special requests
   in mod_proxy_ajp
   * CVE-2012-0883: improper LD_LIBRARY_PATH handling
   * CVE-2012-2687: filename escaping problem

   Additionally, some non-security bugs have been fixed:

   * ignore case when checking against SNI server names.
   [bnc#798733]
   *
   httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff
   reworked to reflect the upstream changes. This will prevent
   the "Invalid URI in request OPTIONS *" messages in the
   error log. [bnc#722545]
   * new sysconfig variable
   APACHE_DISABLE_SSL_COMPRESSION; if set to on,
   OPENSSL_NO_DEFAULT_ZLIB will be inherited to the apache
   process; openssl will then transparently disable
   compression. This change affects start script and sysconfig
   fillup template. Default is on, SSL compression disabled.
   Please see mod_deflate for compressed transfer at http
   layer. [bnc#782956]

   Security Issue references:

   * CVE-2012-4557
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557
   >
   * CVE-2012-2687
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
   >
   * CVE-2012-0883
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
   >
   * CVE-2012-0021
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-apache2-7409

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-apache2-7409

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-apache2-7409

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      apache2-devel-2.2.12-1.36.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      apache2-2.2.12-1.36.1
      apache2-doc-2.2.12-1.36.1
      apache2-example-pages-2.2.12-1.36.1
      apache2-prefork-2.2.12-1.36.1
      apache2-utils-2.2.12-1.36.1
      apache2-worker-2.2.12-1.36.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      apache2-2.2.12-1.36.1
      apache2-doc-2.2.12-1.36.1
      apache2-example-pages-2.2.12-1.36.1
      apache2-prefork-2.2.12-1.36.1
      apache2-utils-2.2.12-1.36.1
      apache2-worker-2.2.12-1.36.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      apache2-2.2.12-1.36.1
      apache2-doc-2.2.12-1.36.1
      apache2-example-pages-2.2.12-1.36.1
      apache2-prefork-2.2.12-1.36.1
      apache2-utils-2.2.12-1.36.1
      apache2-worker-2.2.12-1.36.1


References:

   http://support.novell.com/security/cve/CVE-2012-0021.html
   http://support.novell.com/security/cve/CVE-2012-0883.html
   http://support.novell.com/security/cve/CVE-2012-2687.html
   http://support.novell.com/security/cve/CVE-2012-4557.html
   https://bugzilla.novell.com/722545
   https://bugzilla.novell.com/757710
   https://bugzilla.novell.com/774045
   https://bugzilla.novell.com/777260
   https://bugzilla.novell.com/782956
   https://bugzilla.novell.com/788121
   https://bugzilla.novell.com/793004
   https://bugzilla.novell.com/798733
   http://download.novell.com/patch/finder/?keywords=faf6f499f41597d750ce0aecd251ed2e



More information about the sle-updates mailing list