Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 227111 - www-servers/apache <2.2.9 CSRF and DoS (CVE-2007-6420,CVE-2008-2364)
Summary: www-servers/apache <2.2.9 CSRF and DoS (CVE-2007-6420,CVE-2008-2364)
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.apache.org/dist/httpd/CHAN...
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-15 10:33 UTC by Mike Limansky
Modified: 2020-04-09 19:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Limansky 2008-06-15 10:33:19 UTC 
Apache httpd 2.2.9 was released. It's bugfix release, some bugs are sequrity related.

Reproducible: Always

Steps to Reproduce:
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2008-06-15 14:58:39 UTC 
  *) SECURITY: CVE-2008-2364 (cve.mitre.org)
     mod_proxy_http: Better handling of excessive interim responses
     from origin server to prevent potential denial of service and high
     memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
     Joe Orton, Jim Jagielski]

  *) SECURITY: CVE-2007-6420 (cve.mitre.org)
     mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager
     interface.  [Joe Orton]
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2008-06-15 15:23:57 UTC 
Eh, assign...
Comment 3 Benedikt Böhm (RETIRED) gentoo-dev 2008-06-15 16:10:14 UTC 
2.2.9 in cvs, ready for stabilization
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-06-15 17:54:49 UTC 
Arches, please test and mark stable:
=www-servers/apache-2.2.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release s390 sh sparc x86"
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-06-15 19:00:13 UTC 
ppc stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2008-06-16 00:35:18 UTC 
Stable for HPPA.
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2008-06-16 07:23:02 UTC 
x86 stable
Comment 8 Benedikt Böhm (RETIRED) gentoo-dev 2008-06-16 11:42:29 UTC 
amd64 stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2008-06-16 13:32:30 UTC 
alpha/ia64/sparc stable
Comment 10 Brent Baude (RETIRED) gentoo-dev 2008-06-16 16:16:54 UTC 
ppc64 done
Comment 11 Peter Volkov (RETIRED) gentoo-dev 2008-06-16 16:49:02 UTC 
Fixed in release snapshot.
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2008-07-09 22:01:14 UTC 
GLSA 200807-06