Summary: | <www-servers/apache-{2.4.9,2.2.27-r4}: two DoS (CVE-2013-6438, CVE-2014-0098) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Nilesh Govindrajan <me> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | patrick, polynomial-c |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Nilesh Govindrajan
2014-03-18 16:45:39 UTC
Changelog: CVE-2014-0098 (cve.mitre.org) Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults when logging truncated cookies. Clean up the cookie logging parser to recognize only the cookie=value pairs, not valueless cookies. CVE-2013-6438 (cve.mitre.org) mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential denial of service from specifically crafted DAV WRITE requests +*apache-2.4.9 (18 Mar 2014) + + 18 Mar 2014; Lars Wendler <polynomial-c@gentoo.org> -apache-2.4.6-r2.ebuild, + +apache-2.4.9.ebuild: + Security bump (bug #504990). Removed old. + Patrick, do you know if those vulnerabilities affect 2.2.x too? Reopening, as according to RHSA about those CVEs[1], 2.2 branch is also vulnerable [1] - https://rhn.redhat.com/errata/RHSA-2014-0369.html These two CVE's are fixed in the 2.2 branch in 2.2.27, which is currently stable. Adding to an existing GLSA request. CVE-2014-0098 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0098): The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. CVE-2013-6438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6438): The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. This issue was resolved and addressed in GLSA 201408-12 at http://security.gentoo.org/glsa/glsa-201408-12.xml by GLSA coordinator Kristian Fiskerstrand (K_F). This issue was resolved and addressed in GLSA 201408-12 at http://security.gentoo.org/glsa/glsa-201408-12.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |