Summary: | <www-servers/apache-2.2.27: truncated cookie logging segfault and mod_dav DOS (CVE-2013-6438,CVE-2014-0098) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.apache.org/dist/httpd/CHANGES_2.2.27 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 504300 | ||
Bug Blocks: |
Description
Lars Wendler (Polynomial-C) (RETIRED)
2014-04-17 05:47:08 UTC
Arches please test and mark stable the following packages: =app-admin/apache-tools-2.2.27 =www-servers/apache-2.2.27 Target keywords: alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd amd64 stable Stable for HPPA. x86 stable arm stable CVE-2014-0098 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0098): The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. CVE-2013-6438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6438): The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. ppc stable ppc64 stable ia64 stable sparc stable alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Arches, Thank you for your work Maintainer(s), please drop the vulnerable version. New GLSA Request filed. (In reply to Yury German from comment #13) > Maintainer(s), please drop the vulnerable version. > Done. (In reply to Lars Wendler (Polynomial-C) from comment #14) > (In reply to Yury German from comment #13) > > Maintainer(s), please drop the vulnerable version. > > > Done. Thank you for cleanup. This issue was resolved and addressed in GLSA 201408-12 at http://security.gentoo.org/glsa/glsa-201408-12.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |