Support / Security / Advisories / Corporate Server 3.0 / MDVSA-2008:237

Package name: apache2
Date: 2008-12-04
Advisory ID: MDVSA-2008:237
Affected versions: CS3.0 i586 , MNF2.0 i586 , CS3.0 x86_64

Problem description

A vulnerability was discovered in the mod_proxy module in Apache where
it did not limit the number of forwarded interim responses, allowing
remote HTTP servers to cause a denial of service (memory consumption)
via a large number of interim responses (CVE-2008-2364).

This update also provides HTTP/1.1 compliance fixes.

The updated packages have been patched to prevent this issue.

Updated packages

CS3.0 i586

 532973a116bcdf63ed72042b819b59cc  corporate/3.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm
 e2913623f1876d02e426bbca997f3435  corporate/3.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm
 2e583f46edd8e83d8071e1912fbcced6  corporate/3.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm
 83b6d9adea62a2c186f2acfb7372a8f0  corporate/3.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm
 f797d9dd78f6a75328f3156f4d97de54  corporate/3.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm
 1e13b9cf9ed69f69f1700d89e7b0a625  corporate/3.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm
 eeacd8fa60a510fe23a949303aefa934  corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm
 12978be0a831fb2164e8663e0aa96c16  corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm
 ff7133c4d2f3a18d5ca86398b6a3b482  corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm
 de43091c378ef1b0a465f409d4198c7d  corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm
 2a884bf3c648fe6e45bd1858e7ac8fca  corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm
 435c1058b34b3e5603e8502315d3f1be  corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm
 5a54d1929057b311ab83863fcfc6785b  corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm
 37bb90e385c1571579d604120cd1c1d4  corporate/3.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm
 377a8d1250fb1276e0c52fe89b63775a  corporate/3.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm
 2c6db35de4997018b043181957072182  corporate/3.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm 
 30da5c4069b7b8ea5b3bb13734ca0058  corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm

MNF2.0 i586

 93eef0301be074129e8c8f67381c09ad  mnf/2.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm
 0dd927e4efb8dc43f2168227d22c1407  mnf/2.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm
 366c8a236e33babca8447b3c3f926c83  mnf/2.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm
 73490cae06d07885512ff28fb24c1d6c  mnf/2.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm
 8bf01fed207bf8ae9c265be3d3f0e0f5  mnf/2.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm
 b06f622b9c96bfa10cdc4d2067e5826f  mnf/2.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm
 c5600da4764bcb84733c16034871ced1  mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm
 cccdb0578c7443e46154a8f64b78a86b  mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm
 67fb4bcf03bef82c78fb42ec3de85b55  mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm
 20cb9f0132cd5181f6cff7699373d488  mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm
 1f0f71765b82dd9086c99a2ec98ce458  mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm
 26d8d7db3f8a8ed9dd22add69cc908cd  mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm
 538e1d3b6eab0b6770de516d9c6e59e4  mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm
 82674d6c664adb4e9a8539703ee113d7  mnf/2.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm
 d1dc24f4698a7cef16c292ba19302ca1  mnf/2.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm
 b83a8c4eda842c3e358d16d22febbe80  mnf/2.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm 
 5ff603859246c39086f9b6ad300f97c6  mnf/2.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm

CS3.0 x86_64

 43cb9996c4ad55ead2a2bba2a618b939  corporate/3.0/x86_64/apache2-2.0.48-6.19.C30mdk.x86_64.rpm
 898f1420c5fe218c748281c238da9d00  corporate/3.0/x86_64/apache2-common-2.0.48-6.19.C30mdk.x86_64.rpm
 b7ca472734ea5776cfecf1dd2315f71d  corporate/3.0/x86_64/apache2-devel-2.0.48-6.19.C30mdk.x86_64.rpm
 8ebd24059163cd8f8e22eb0203682e41  corporate/3.0/x86_64/apache2-manual-2.0.48-6.19.C30mdk.x86_64.rpm
 ac6f64c5aabbf463be38023dfb2e30e0  corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.19.C30mdk.x86_64.rpm
 2e66000edd688d563645ecf526724899  corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.19.C30mdk.x86_64.rpm
 d82ba16ad19ebfbb412f033537fe7dfb  corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.19.C30mdk.x86_64.rpm
 e83174382435df2220f7563545543342  corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.x86_64.rpm
 af5d024a4cff0c216d0c02dcbe08ab83  corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.19.C30mdk.x86_64.rpm
 b6a74826d456381f9c3807d7cdaef8ff  corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.19.C30mdk.x86_64.rpm
 3e0c99c91a186db1650ab277fb266ddf  corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.x86_64.rpm
 5bcf1224653b851df20d07d6fbb248b6  corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.19.C30mdk.x86_64.rpm
 c07af351ea84b7d8a0b0de879c9aad2e  corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.19.C30mdk.x86_64.rpm
 fa40774c92468aa0080979674ff473c5  corporate/3.0/x86_64/apache2-modules-2.0.48-6.19.C30mdk.x86_64.rpm
 a387e498b01b876ee31066aa3a73970a  corporate/3.0/x86_64/apache2-source-2.0.48-6.19.C30mdk.x86_64.rpm
 659d44dc9615de5b556d35425d628bf7  corporate/3.0/x86_64/lib64apr0-2.0.48-6.19.C30mdk.x86_64.rpm 
 30da5c4069b7b8ea5b3bb13734ca0058  corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364