-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2007.0926
     [RedHat] Moderate: httpd security, bug fix, and enhancement update
                              16 November 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              httpd
Publisher:            Red Hat
Operating System:     Red Hat Linux 4
Impact:               Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-3847

Ref:                  ESB-2007.0885
                      AA-2007.0078

Original Bulletin:
   https://rhn.redhat.com/errata/RHSA-2007-0747.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security, bug fix, and enhancement update
Advisory ID:       RHSA-2007:0747-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0747.html
Issue date:        2007-11-15
Updated on:        2007-11-15
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3847
- - ---------------------------------------------------------------------

1. Summary:

Updated httpd packages that fix a security issue, various bugs, and add
enhancements are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the Apache HTTP Server mod_proxy module.
On sites where a reverse proxy is configured, a remote attacker could send
a carefully crafted request that would cause the Apache child process
handling that request to crash. On sites where a forward proxy is
configured, an attacker could cause a similar crash if a user could be
persuaded to visit a malicious site using the proxy. This could lead to a
denial of service if using a threaded Multi-Processing Module.
(CVE-2007-3847)

As well, these updated packages fix the following bugs:

* the default "/etc/logrotate.d/httpd" script incorrectly invoked the kill
command, instead of using the "/sbin/service httpd restart" command. If you
configured the httpd PID to be in a location other than
"/var/run/httpd.pid", the httpd logs failed to be rotated. This has been
resolved in these updated packages.

* Set-Cookie headers with a status code of 3xx are not forwarded to clients
when the "ProxyErrorOverride" directive is enabled. These responses are
overridden at the proxy. Only the responses with status codes of 4xx and
5xx are overridden in these updated packages.

* mod_proxy did not correctly handle percent-encoded characters (i.e. %20)
when configured as a reverse proxy.

* invalid HTTP status codes could be logged if output filters returned
errors.

* the "ProxyTimeout" directive was not inherited across virtual host
definitions.

* in some cases the Content-Length header was dropped from HEAD responses.
This resulted in certain sites not working correctly with mod_proxy, such
as www.windowsupdate.com.

This update adds the following enhancements:

* a new configuration option has been added, "ServerTokens Full-Release",
which adds the package release to the server version string, which is
returned in the "Server" response header.

* a new module has been added, mod_version, which allows configuration
files to be written containing sections, which are evaluated only if the
version of httpd used matches a specified condition.
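The following POSIX shell script is an added example and is not part of the Red Hat advisory or the AusCERT bulletin. It turns the problem description above and the RPM table in section 6 into three host-side checks: whether httpd.conf configures mod_proxy as a forward or reverse proxy (the two exposed setups named above), whether an installed httpd version-release is already at the fixed build 2.0.52-38.ent, and whether downloaded update RPMs match the MD5 sums the advisory lists. Assumed: the httpd.conf path is passed in by the caller, the pre-update release "2.0.52-37.ent" and the address 10.0.0.5 in the demonstration are hypothetical, and the empty placeholder file stands in for a download (a real host would have md5sum(1) and rpm(1) available).

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory or the AusCERT bulletin.
# Checks a Red Hat Enterprise Linux 4 host against RHSA-2007:0747:
#   1. is mod_proxy configured as a forward or reverse proxy (the exposed setups)?
#   2. is the installed httpd already at the fixed build 2.0.52-38.ent?
#   3. do downloaded update RPMs match the MD5 sums from section 6 of the advisory?
# Assumptions: the httpd.conf path is passed in; on a real host md5sum(1) and rpm(1)
# exist. Everything under "demonstration" below is constructed sample input.

FIXED_VR="2.0.52-38.ent"   # version-release of the fixed packages in the advisory

# Compare two RPM version-release strings field by field: numeric fields numerically,
# anything else as strings. Prints -1, 0 or 1. Simplified from rpm's rpmvercmp and
# sufficient for the dotted/dashed strings in this advisory, not a general replacement.
vr_cmp() {
    awk -v A="$1" -v B="$2" 'BEGIN {
        na = split(A, a, "[.-]"); nb = split(B, b, "[.-]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? a[i] : ""; y = (i <= nb) ? b[i] : ""
            if (x == y) continue
            if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) r = (x + 0 < y + 0) ? -1 : 1
            else r = (x < y) ? -1 : 1
            print r; exit
        }
        print 0
    }'
}

# $1 = installed version-release, e.g. from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' httpd
httpd_is_fixed() {
    [ "$(vr_cmp "$1" "$FIXED_VR")" -ge 0 ]
}

# Classify the proxy setup in an httpd.conf: "forward" (ProxyRequests On),
# "reverse" (ProxyPass/ProxyPassReverse) or "none". Directives are case-insensitive
# and commented-out lines are ignored; Include'd files are not followed.
proxy_mode() {
    if grep -Eiq '^[[:space:]]*ProxyRequests[[:space:]]+On' "$1"; then
        echo forward
    elif grep -Eiq '^[[:space:]]*ProxyPass(Reverse)?[[:space:]]' "$1"; then
        echo reverse
    else
        echo none
    fi
}

# $1 = file, $2 = expected MD5 (lower-case hex, as printed in the advisory)
md5_matches() {
    [ "$(md5sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# i386 entries copied from section 6 of the advisory; AS, Desktop, ES and WS list the
# same files and sums. Extend with the lines for your architecture.
ADVISORY_MD5='
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm
'

# Check every advisory-listed RPM present in directory $1; returns 1 on any mismatch.
# The MD5 table only ties a download to this bulletin; the authoritative check is the
# Red Hat GPG signature inside each package (rpm -K file.rpm), as the advisory says.
verify_downloads() {
    printf '%s\n' "$ADVISORY_MD5" | while read -r sum name; do
        [ -n "$name" ] || continue
        if [ ! -f "$1/$name" ]; then
            echo "missing  $name"
        elif md5_matches "$1/$name" "$sum"; then
            echo "ok       $name"
        else
            echo "MISMATCH $name"
            exit 1   # leaves the while-loop subshell; becomes the function's status
        fi
    done
}

# --- demonstration on constructed input --------------------------------------
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/httpd.conf" <<'EOF'
# constructed sample: reverse proxy in front of an internal application server
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests Off
ProxyPass /app http://10.0.0.5:8080/app
ProxyPassReverse /app http://10.0.0.5:8080/app
EOF
: > "$tmp/httpd-2.0.52-38.ent.i386.rpm"   # empty placeholder, not a real package

echo "proxy mode: $(proxy_mode "$tmp/httpd.conf")"
for vr in 2.0.52-37.ent 2.0.52-38.ent; do   # 37.ent is a hypothetical pre-update build
    if httpd_is_fixed "$vr"; then
        echo "httpd-$vr: fixed"
    else
        echo "httpd-$vr: vulnerable, apply the update"
    fi
done
verify_downloads "$tmp" || echo "a download did not match the advisory; do not install it"
```

On a real host, feed `httpd_is_fixed` the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' httpd` and point `proxy_mode` at the live httpd.conf; a "forward" or "reverse" result on an unfixed build is the combination the advisory describes as exposed. The MD5 check only confirms that a file is the one this bulletin describes; package authenticity still comes from the Red Hat GPG signature that `rpm -K` verifies.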
Users of httpd are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173467 - windowsupdate.microsoft.com does not work with mod_proxy
197915 - %>s incorrectly logs status code as 70007 - default handler returns output filter apr_status_t value
233254 - mod_proxy not handling percent chars in URLs correctly
240022 - Mod_proxy_http ProxyErrorOverride eating cookies
241407 - logrotate.d/httpd postrotate must use initscripts
242920 - Reverse Proxy Unexpected Timeout
248696 - Identify httpd version to configuration
250731 - CVE-2007-3847 httpd out of bounds read

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-38.ent.src.rpm
30f125952a08e957d2f346c30ef7e7e7 httpd-2.0.52-38.ent.src.rpm

i386:
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
42d59887a92689c9f81ff10cf626793d httpd-debuginfo-2.0.52-38.ent.i386.rpm
f2fff3fd377adc85d0bed311e2e0f45c httpd-devel-2.0.52-38.ent.i386.rpm
af796b5d498e912c27879906f0d7b9a1 httpd-manual-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm

ia64:
cdce256cd1151d5d3e6b4bc7b8e52780 httpd-2.0.52-38.ent.ia64.rpm
0f15a50cebaf5efbc523419eee3e4f18 httpd-debuginfo-2.0.52-38.ent.ia64.rpm
405b21207461558c006ae8536cd27ef4 httpd-devel-2.0.52-38.ent.ia64.rpm
e94df07dab0db9d976c7970e6ced9583 httpd-manual-2.0.52-38.ent.ia64.rpm
75646a0496eda2196eff7529f983c538 httpd-suexec-2.0.52-38.ent.ia64.rpm
58ab32351e3ecf0e0fd93d1ea4d86c85 mod_ssl-2.0.52-38.ent.ia64.rpm

ppc:
e210ee818047bab954d1edd66f5b6a86 httpd-2.0.52-38.ent.ppc.rpm
fd817e6b5cc96496bc567201ef8a8572 httpd-debuginfo-2.0.52-38.ent.ppc.rpm
79ebbe88ca05c2118bc170597b47ec66 httpd-devel-2.0.52-38.ent.ppc.rpm
64edf3e07c9b4c44e25c3b32cdd2c7a6 httpd-manual-2.0.52-38.ent.ppc.rpm
59434fe63aaa50b78081328a42d0a3cb httpd-suexec-2.0.52-38.ent.ppc.rpm
7b1aa9ff784abc0505463a51c7cc7a3e mod_ssl-2.0.52-38.ent.ppc.rpm

s390:
8e051d2f7eb66e09b656b9027aa4107a httpd-2.0.52-38.ent.s390.rpm
e0b951a481fd759b9ab800c9b9cf11fb httpd-debuginfo-2.0.52-38.ent.s390.rpm
2b70fcfe40d17f7cd8ef27dade54bb3e httpd-devel-2.0.52-38.ent.s390.rpm
4ec9ca1ba9713993fed46a7eaba5a0a3 httpd-manual-2.0.52-38.ent.s390.rpm
a2e67e1c60caa12e64614bf6d159d95f httpd-suexec-2.0.52-38.ent.s390.rpm
0853b38c906c53890871865dd4023aef mod_ssl-2.0.52-38.ent.s390.rpm

s390x:
f8e62317f8fdfb09d3c31be388bd5d12 httpd-2.0.52-38.ent.s390x.rpm
ba701e454dc885d7f3f775f70e1c7752 httpd-debuginfo-2.0.52-38.ent.s390x.rpm
c9cdf84dfd5066a7d6d8752c160ecdc0 httpd-devel-2.0.52-38.ent.s390x.rpm
b93c030074049ca4cd7a1f46c0f14485 httpd-manual-2.0.52-38.ent.s390x.rpm
c4b00eefd718d03c324a4d6cd4ceb82a httpd-suexec-2.0.52-38.ent.s390x.rpm
f2e5fffbceb41ba8921789b84454164c mod_ssl-2.0.52-38.ent.s390x.rpm

x86_64:
55c8b892978b926e42afd60af24b3749 httpd-2.0.52-38.ent.x86_64.rpm
6b4d6a9e4fd6c159596891743d0ccfe0 httpd-debuginfo-2.0.52-38.ent.x86_64.rpm
cc62fc81c664900fd66a4b25f30d1046 httpd-devel-2.0.52-38.ent.x86_64.rpm
2574c6993386378b9dd9c1f033c0830f httpd-manual-2.0.52-38.ent.x86_64.rpm
c901932e63e90f060a13bcaff5dbe665 httpd-suexec-2.0.52-38.ent.x86_64.rpm
d5abe5155f7e86d6c3551358da6659e9 mod_ssl-2.0.52-38.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-38.ent.src.rpm
30f125952a08e957d2f346c30ef7e7e7 httpd-2.0.52-38.ent.src.rpm

i386:
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
42d59887a92689c9f81ff10cf626793d httpd-debuginfo-2.0.52-38.ent.i386.rpm
f2fff3fd377adc85d0bed311e2e0f45c httpd-devel-2.0.52-38.ent.i386.rpm
af796b5d498e912c27879906f0d7b9a1 httpd-manual-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm

x86_64:
55c8b892978b926e42afd60af24b3749 httpd-2.0.52-38.ent.x86_64.rpm
6b4d6a9e4fd6c159596891743d0ccfe0 httpd-debuginfo-2.0.52-38.ent.x86_64.rpm
cc62fc81c664900fd66a4b25f30d1046 httpd-devel-2.0.52-38.ent.x86_64.rpm
2574c6993386378b9dd9c1f033c0830f httpd-manual-2.0.52-38.ent.x86_64.rpm
c901932e63e90f060a13bcaff5dbe665 httpd-suexec-2.0.52-38.ent.x86_64.rpm
d5abe5155f7e86d6c3551358da6659e9 mod_ssl-2.0.52-38.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-38.ent.src.rpm
30f125952a08e957d2f346c30ef7e7e7 httpd-2.0.52-38.ent.src.rpm

i386:
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
42d59887a92689c9f81ff10cf626793d httpd-debuginfo-2.0.52-38.ent.i386.rpm
f2fff3fd377adc85d0bed311e2e0f45c httpd-devel-2.0.52-38.ent.i386.rpm
af796b5d498e912c27879906f0d7b9a1 httpd-manual-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm

ia64:
cdce256cd1151d5d3e6b4bc7b8e52780 httpd-2.0.52-38.ent.ia64.rpm
0f15a50cebaf5efbc523419eee3e4f18 httpd-debuginfo-2.0.52-38.ent.ia64.rpm
405b21207461558c006ae8536cd27ef4 httpd-devel-2.0.52-38.ent.ia64.rpm
e94df07dab0db9d976c7970e6ced9583 httpd-manual-2.0.52-38.ent.ia64.rpm
75646a0496eda2196eff7529f983c538 httpd-suexec-2.0.52-38.ent.ia64.rpm
58ab32351e3ecf0e0fd93d1ea4d86c85 mod_ssl-2.0.52-38.ent.ia64.rpm

x86_64:
55c8b892978b926e42afd60af24b3749 httpd-2.0.52-38.ent.x86_64.rpm
6b4d6a9e4fd6c159596891743d0ccfe0 httpd-debuginfo-2.0.52-38.ent.x86_64.rpm
cc62fc81c664900fd66a4b25f30d1046 httpd-devel-2.0.52-38.ent.x86_64.rpm
2574c6993386378b9dd9c1f033c0830f httpd-manual-2.0.52-38.ent.x86_64.rpm
c901932e63e90f060a13bcaff5dbe665 httpd-suexec-2.0.52-38.ent.x86_64.rpm
d5abe5155f7e86d6c3551358da6659e9 mod_ssl-2.0.52-38.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-38.ent.src.rpm
30f125952a08e957d2f346c30ef7e7e7 httpd-2.0.52-38.ent.src.rpm

i386:
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
42d59887a92689c9f81ff10cf626793d httpd-debuginfo-2.0.52-38.ent.i386.rpm
f2fff3fd377adc85d0bed311e2e0f45c httpd-devel-2.0.52-38.ent.i386.rpm
af796b5d498e912c27879906f0d7b9a1 httpd-manual-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm

ia64:
cdce256cd1151d5d3e6b4bc7b8e52780 httpd-2.0.52-38.ent.ia64.rpm
0f15a50cebaf5efbc523419eee3e4f18 httpd-debuginfo-2.0.52-38.ent.ia64.rpm
405b21207461558c006ae8536cd27ef4 httpd-devel-2.0.52-38.ent.ia64.rpm
e94df07dab0db9d976c7970e6ced9583 httpd-manual-2.0.52-38.ent.ia64.rpm
75646a0496eda2196eff7529f983c538 httpd-suexec-2.0.52-38.ent.ia64.rpm
58ab32351e3ecf0e0fd93d1ea4d86c85 mod_ssl-2.0.52-38.ent.ia64.rpm

x86_64:
55c8b892978b926e42afd60af24b3749 httpd-2.0.52-38.ent.x86_64.rpm
6b4d6a9e4fd6c159596891743d0ccfe0 httpd-debuginfo-2.0.52-38.ent.x86_64.rpm
cc62fc81c664900fd66a4b25f30d1046 httpd-devel-2.0.52-38.ent.x86_64.rpm
2574c6993386378b9dd9c1f033c0830f httpd-manual-2.0.52-38.ent.x86_64.rpm
c901932e63e90f060a13bcaff5dbe665 httpd-suexec-2.0.52-38.ent.x86_64.rpm
d5abe5155f7e86d6c3551358da6659e9 mod_ssl-2.0.52-38.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHPGCDXlSAg2UNWIIRAmkCAJ4l5qrEN/JgZFf3Z5OPs56nAqYWlACgrwm6
dbX4aTfmevBEGAkI2H0QCzE=
=eIln
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRz0AgCh9+71yA2DNAQLIywQAli0zKMsSpOJOwB35QuPxT9/tqIT09HMV
HSc+nQXb89ihomdpiabfGgAtFlyL7AjT5Annxjv48ai0p+9acSqK8Ix5D8UMZV3J
C/oxBKz0ce5enQBAXvdOIUVJ7yTiCc/CSmMQ3PTMJyn46ZpNpG4sdEZ8PIJybB8U
aI64Ww2vDHc=
=s8J7
-----END PGP SIGNATURE-----