Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 624868 (CVE-2017-9788, CVE-2017-9789) - <www-servers/apache-2.4.27: read after free + use of uninitialized memory
Summary: <www-servers/apache-2.4.27: read after free + use of uninitialized memory
Status: RESOLVED FIXED
Alias: CVE-2017-9788, CVE-2017-9789
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A4 [glsa cve]
Keywords:
Depends on: CVE-2017-9798
Blocks: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679
  Show dependency tree
 
Reported: 2017-07-13 13:16 UTC by Hanno Böck
Modified: 2017-10-29 23:05 UTC (History)
1 user (show)

See Also:
Package list:
=app-admin/apache-tools-2.4.27 =www-servers/apache-2.4.27
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2017-07-13 13:16:43 UTC
Two vulns, one of them affecting all older apache versions:
http://www.openwall.com/lists/oss-security/2017/07/13/3
http://www.openwall.com/lists/oss-security/2017/07/13/4

Bump for 2.4.27 is already done, needs stabilization
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-07-13 13:43:14 UTC
Arches please test and mark stable the following list of packages:

=app-admin/apache-tools-2.4.27
=www-servers/apache-2.4.27


target KEYWORDS are:

alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris
Comment 2 Markus Meier gentoo-dev 2017-07-14 04:57:45 UTC
arm stable
Comment 3 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-15 09:59:09 UTC
Stable on alpha.
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-15 10:05:12 UTC
(In reply to Tobias Klausmann from comment #3)
> Stable on alpha.

Bullshit. Amd64 stable.
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2017-07-15 10:12:51 UTC
ia64 stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-16 11:15:44 UTC
Stable on alpha.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 19:44:10 UTC
x86 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-07 21:03:07 UTC
sparc stable (thanks to Dakon)
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2017-09-18 13:08:49 UTC
Superseded by bug 631308.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2017-10-29 23:05:17 UTC
This issue was resolved and addressed in
 GLSA 201710-32 at https://security.gentoo.org/glsa/201710-32
by GLSA coordinator Aaron Bauman (b-man).