Bug 33286 - apache2: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.0
Other Linux
P3 normal
UCS 3.2-7-errata
Assigned To: Stefan Gohmann
Janek Walkenhorst
Reported: 2013-11-12 11:25 CET by Moritz Muehlenhoff
Modified: 2015-09-09 11:31 CEST (History)
requate: Patch_Available+
Description Moritz Muehlenhoff univentionstaff 2013-11-12 11:25:23 CET
+++ This bug was initially created as a clone of Bug #31300 +++

mod_write doesn't filter log file data for non-printable characters (CVE-2013-1862)

Denial of service in mod_dav (CVE-2013-1896)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-03-18 07:03:55 CET
Denial of service in mod_log_config (CVE-2014-0098)
Denial of service in mod_dav (CVE-2013-6438)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-04-30 14:51:31 CEST
(In reply to Moritz Muehlenhoff from comment #0)
> +++ This bug was initially created as a clone of Bug #31300 +++
> 
> mod_write doesn't filter log file data for non-printable characters
> (CVE-2013-1862)
> 
> Denial of service in mod_dav (CVE-2013-1896)

These two issues were fixed with the update to Squeeze 6.0.9 (Bug 34588), the other issues remain unfixed.
Comment 3 Moritz Muehlenhoff univentionstaff 2014-05-30 15:08:01 CEST
(In reply to Moritz Muehlenhoff from comment #1)
> Denial of service in mod_log_config (CVE-2014-0098)

The vulnerable code isn't present yet in the version in UCS 3.x
Comment 4 Moritz Muehlenhoff univentionstaff 2014-07-09 11:29:13 CEST
Currently only this issue is open:
Denial of service in mod_dav (CVE-2013-6438)
Comment 5 Moritz Muehlenhoff univentionstaff 2014-07-23 16:31:57 CEST
Denial of service in mod_proxy (CVE-2014-0117)
Heap overflow in mod_status scoreboard handling (CVE-2014-0226)
Denial of service in mod_deflate (CVE-2014-0118)
Denial of service in mod_cgid (CVE-2014-0231)
Comment 6 Moritz Muehlenhoff univentionstaff 2014-10-04 11:04:45 CEST
Denial of service in mod_cache (CVE-2014-3581)
Comment 7 Moritz Muehlenhoff univentionstaff 2014-11-19 13:26:39 CET
Denial of service through malicious fcgi scripts (CVE-2014-3583)
Comment 8 Moritz Muehlenhoff univentionstaff 2014-11-25 07:26:23 CET
Incorrect handling of chunked trailer fields in mod_headers (CVE-2013-5704)
Comment 9 Moritz Muehlenhoff univentionstaff 2014-12-10 08:28:32 CET
(In reply to Moritz Muehlenhoff from comment #5)
> Denial of service in mod_proxy (CVE-2014-0117)

This doesn't affect UCS 3.x
Comment 10 Moritz Muehlenhoff univentionstaff 2015-01-05 09:31:11 CET
(In reply to Moritz Muehlenhoff from comment #7)
> Denial of service through malicious fcgi scripts (CVE-2014-3583)

This only affects Apache 2.4
Comment 11 Moritz Muehlenhoff univentionstaff 2015-01-05 09:31:45 CET
(In reply to Moritz Muehlenhoff from comment #7)
> Denial of service through malicious fcgi scripts (CVE-2014-3583)

This only affects Apache 2.4
Comment 12 Arvid Requate univentionstaff 2015-08-03 12:43:00 CEST
* HTTP request smuggling attack against chunked request parser, allowing cache poisoning or credential hijacking if an intermediary proxy is in use (CVE-2015-3183)

Fixed upstream in Debian package version 2.2.16-6+squeeze15
Comment 13 Stefan Gohmann univentionstaff 2015-08-29 20:50:49 CEST
2.2.16-6+squeeze15 has been imported.

YAML: 2015-08-29-apache2.yaml
Comment 14 Stefan Gohmann univentionstaff 2015-08-31 08:34:00 CEST
My tests were successful.
Comment 15 Janek Walkenhorst univentionstaff 2015-09-04 18:47:40 CEST
Advisory: OK
Changelog: OK
Tests (amd64): OK
Comment 16 Janek Walkenhorst univentionstaff 2015-09-09 11:31:14 CEST
<http://errata.software-univention.de/ucs/3.2/365.html>