Nacionalni CERT

Security vulnerabilities in the httpd software package

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-9ded7c5670
2017-07-15 13:05:00.639853
--------------------------------------------------------------------------------

Name : httpd
Product : Fedora 25
Version : 2.4.27
Release : 2.fc25
URL : http://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

--------------------------------------------------------------------------------
Update Information:

File /etc/sysconfig/httpd is ghosted now ---- Version update ---- Security
fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679
--------------------------------------------------------------------------------
References:

 [ 1 ] Bug #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
 https://bugzilla.redhat.com/show_bug.cgi?id=1463207
 [ 2 ] Bug #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
 https://bugzilla.redhat.com/show_bug.cgi?id=1463205
 [ 3 ] Bug #1463199 - CVE-2017-7659 httpd: mod_http2 NULL pointer dereference
 https://bugzilla.redhat.com/show_bug.cgi?id=1463199
 [ 4 ] Bug #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
 https://bugzilla.redhat.com/show_bug.cgi?id=1463197
 [ 5 ] Bug #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
 https://bugzilla.redhat.com/show_bug.cgi?id=1463194
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade httpd' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Security vulnerabilities have been discovered in the httpd software package for the Fedora operating system. The discovered vulnerabilities allow potential attackers to cause a DoS condition or bypass security restrictions. Updating with the released patches is advised.
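
One way to check a host against the notification above, as an added example that is not part of the original advisory: it parses the Name/Version/Release header and the CVE list out of the advisory text and compares the fixed build with an installed one. The function names, the embedded advisory excerpt and the sample installed version 2.4.25-1.fc25 are assumptions made for illustration, and `sort -V` only approximates rpm's own version comparison.

```shell
#!/bin/sh
# Added example. ADVISORY holds fields copied from the notification above.
ADVISORY='Name : httpd
Product : Fedora 25
Version : 2.4.27
Release : 2.fc25
Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679'

# field KEY TEXT: value of the first "KEY : value" header line
field() {
    printf '%s\n' "$2" | sed -n "s/^$1[[:space:]]*:[[:space:]]*//p" | head -n 1
}

# fixed_nvr TEXT: name-version-release that carries the fixes
fixed_nvr() {
    printf '%s-%s-%s\n' "$(field Name "$1")" "$(field Version "$1")" "$(field Release "$1")"
}

# advisory_cves TEXT: unique CVE ids, one per line
advisory_cves() {
    printf '%s\n' "$1" | grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# vr_at_least HAVE FIXED: succeeds when HAVE >= FIXED.
# Assumption: GNU "sort -V" ordering stands in for rpm's own version compare.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit TEXT [HAVE]: compare HAVE (or the locally installed build) with the fix
audit() {
    name=$(field Name "$1")
    fixed="$(field Version "$1")-$(field Release "$1")"
    have=${2:-}
    [ -n "$have" ] || have=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$name" 2>/dev/null) \
        || { echo "$name: not installed, or rpm unavailable"; return 2; }
    if vr_at_least "$have" "$fixed"; then
        echo "$name $have: at or above $fixed"
    else
        echo "$name $have: older than $fixed, exposed to:" $(advisory_cves "$1")
        return 1
    fi
}

# Constructed installed version for an offline run; drop it to query rpm.
audit "$ADVISORY" "2.4.25-1.fc25" || true
```

Calling `audit "$ADVISORY"` with no second argument reads the installed version from the local rpm database; a non-zero return means the host still needs `dnf upgrade httpd`.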