Package name
apache
Date
2009-07-28
Advisory ID
MDVSA-2009:168
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in apache:

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy
module in the Apache HTTP Server before 2.3.3, when a reverse proxy
is configured, does not properly handle an amount of streamed data
that exceeds the Content-Length value, which allows remote attackers
to cause a denial of service (CPU consumption) via crafted requests
(CVE-2009-1890).

Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects (CVE-2009-1891).

This update provides fixes for these vulnerabilities.

Updated packages

MES5 i586

 a35f4e42ad811635b008deeab1c86aec  mes5/i586/apache-base-2.2.9-12.4mdvmes5.i586.rpm
 e80464f36e994ae9bb6c15ff0169eeba  mes5/i586/apache-devel-2.2.9-12.4mdvmes5.i586.rpm
 28c561e0b2016009381e4f4fa22bce03  mes5/i586/apache-htcacheclean-2.2.9-12.4mdvmes5.i586.rpm
 bc4f6c084ed91c71fc775e12523cc411  mes5/i586/apache-mod_authn_dbd-2.2.9-12.4mdvmes5.i586.rpm
 06c077d73faf913291546b4dc16d1213  mes5/i586/apache-mod_cache-2.2.9-12.4mdvmes5.i586.rpm
 a2ae256b0b1eaa976da0ab253d047b02  mes5/i586/apache-mod_dav-2.2.9-12.4mdvmes5.i586.rpm
 4b9770ce8587ec86ab7cffe6bc1cba90  mes5/i586/apache-mod_dbd-2.2.9-12.4mdvmes5.i586.rpm
 7641eddea949e2c78648c56e953aecf5  mes5/i586/apache-mod_deflate-2.2.9-12.4mdvmes5.i586.rpm
 43b59e5af9d21fb3847d17e0ae122dab  mes5/i586/apache-mod_disk_cache-2.2.9-12.4mdvmes5.i586.rpm
 d282ac6c56c4f9bdc77825150afa7e1c  mes5/i586/apache-mod_file_cache-2.2.9-12.4mdvmes5.i586.rpm
 c9ee1dcbcb330a4da275f9e8b4478c70  mes5/i586/apache-mod_ldap-2.2.9-12.4mdvmes5.i586.rpm
 422cc7b321578d1de3223fbb76ebe29f  mes5/i586/apache-mod_mem_cache-2.2.9-12.4mdvmes5.i586.rpm
 89dc38ba7ad0187ed7d3c5694d6cbf22  mes5/i586/apache-mod_proxy-2.2.9-12.4mdvmes5.i586.rpm
 27096c4f8dada996969a4cfe0f34715f  mes5/i586/apache-mod_proxy_ajp-2.2.9-12.4mdvmes5.i586.rpm
 d1194518bdb208cc50a3fab9c39f8152  mes5/i586/apache-mod_ssl-2.2.9-12.4mdvmes5.i586.rpm
 5738e54feabed82b1e945fbe09731383  mes5/i586/apache-modules-2.2.9-12.4mdvmes5.i586.rpm
 f74ef1df3ab6a3d53549a05e2a4532fe  mes5/i586/apache-mod_userdir-2.2.9-12.4mdvmes5.i586.rpm
 6192bb53d6a3a96f20016f6409b17dd8  mes5/i586/apache-mpm-event-2.2.9-12.4mdvmes5.i586.rpm
 734d101998223302206ff7063c63b3f2  mes5/i586/apache-mpm-itk-2.2.9-12.4mdvmes5.i586.rpm
 440c586651e316e6f78369a7ca0488cb  mes5/i586/apache-mpm-peruser-2.2.9-12.4mdvmes5.i586.rpm
 a2ac9623691bd1e920cbf42c944f91e8  mes5/i586/apache-mpm-prefork-2.2.9-12.4mdvmes5.i586.rpm
 d517fcb16974e97fc29976b883c72653  mes5/i586/apache-mpm-worker-2.2.9-12.4mdvmes5.i586.rpm
 53b6e7fe71e8e7871e0e648784fe9532  mes5/i586/apache-source-2.2.9-12.4mdvmes5.i586.rpm 
 5c04f485825d1c861f4fb7a9b75c8c1b  mes5/SRPMS/apache-2.2.9-12.4mdvmes5.src.rpm

MES5 x86_64

 2feb99f4443048861680089e81b3d99b  mes5/x86_64/apache-base-2.2.9-12.4mdvmes5.x86_64.rpm
 94e17e3194808a758f40a5a4e604584f  mes5/x86_64/apache-devel-2.2.9-12.4mdvmes5.x86_64.rpm
 b21a88c27e4c890f53f7f086c18661c8  mes5/x86_64/apache-htcacheclean-2.2.9-12.4mdvmes5.x86_64.rpm
 868451cf6682c4bd88fdff123e9f586e  mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.4mdvmes5.x86_64.rpm
 7df675bf863a1c1a8cc7e6f5b0092800  mes5/x86_64/apache-mod_cache-2.2.9-12.4mdvmes5.x86_64.rpm
 6ec73ab804db7873157b856015cee5e7  mes5/x86_64/apache-mod_dav-2.2.9-12.4mdvmes5.x86_64.rpm
 e7dcfeccfa90c0367a9c908804617f3b  mes5/x86_64/apache-mod_dbd-2.2.9-12.4mdvmes5.x86_64.rpm
 1f5b27130438287975e8ed05d1e9d6c3  mes5/x86_64/apache-mod_deflate-2.2.9-12.4mdvmes5.x86_64.rpm
 2ab40847d45382437e6be2f73693450c  mes5/x86_64/apache-mod_disk_cache-2.2.9-12.4mdvmes5.x86_64.rpm
 776d0ce3c8bc6034d403fe7820394490  mes5/x86_64/apache-mod_file_cache-2.2.9-12.4mdvmes5.x86_64.rpm
 73b71de2b1a192c8ea9356fd4569d629  mes5/x86_64/apache-mod_ldap-2.2.9-12.4mdvmes5.x86_64.rpm
 6e3550a6e3937498703f5675998ff634  mes5/x86_64/apache-mod_mem_cache-2.2.9-12.4mdvmes5.x86_64.rpm
 418ef56503d3e500fa66ca275020c018  mes5/x86_64/apache-mod_proxy-2.2.9-12.4mdvmes5.x86_64.rpm
 80c03337e2686ced47d2d269c21436ab  mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.4mdvmes5.x86_64.rpm
 7545572a06aae7a51292d455760d56b4  mes5/x86_64/apache-mod_ssl-2.2.9-12.4mdvmes5.x86_64.rpm
 a1e4b7bde251d6fc960a4c40834c9528  mes5/x86_64/apache-modules-2.2.9-12.4mdvmes5.x86_64.rpm
 69f3787207a5856b388166ca59459fa4  mes5/x86_64/apache-mod_userdir-2.2.9-12.4mdvmes5.x86_64.rpm
 d204be58a3c99219740f76fc7f53adcd  mes5/x86_64/apache-mpm-event-2.2.9-12.4mdvmes5.x86_64.rpm
 68404cdf1704abb8d560cf34c18e6263  mes5/x86_64/apache-mpm-itk-2.2.9-12.4mdvmes5.x86_64.rpm
 2d72aa5ce503cac036b8972fcb4c36e6  mes5/x86_64/apache-mpm-peruser-2.2.9-12.4mdvmes5.x86_64.rpm
 d948b73264e6228d89d36fd3af7249bf  mes5/x86_64/apache-mpm-prefork-2.2.9-12.4mdvmes5.x86_64.rpm
 45f459c24c0bdf0e2f4f196441fee8ce  mes5/x86_64/apache-mpm-worker-2.2.9-12.4mdvmes5.x86_64.rpm
 b8f6f631798d8383f3b916db35e4d3b0  mes5/x86_64/apache-source-2.2.9-12.4mdvmes5.x86_64.rpm 
 5c04f485825d1c861f4fb7a9b75c8c1b  mes5/SRPMS/apache-2.2.9-12.4mdvmes5.src.rpm

References