apache 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1314983387
업데이트 : 2011.09.03
상세내용
- apache 1.3.41-2 update
- 보안버그 수정 사항
. CVE-2010-0010
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c
in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms
allows remote origin servers to cause a denial of service (daemon crash)
or possibly execute arbitrary code via a large chunk size that triggers
a heap-based buffer overflow.
. CVE-2011-3192
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64,
and 2.2.x through 2.2.19 allows remote attackers to cause a denial of
service (memory and CPU consumption) via a Range header that expresses
multiple overlapping ranges, as exploited in the wild in August 2011, a
different vulnerability than CVE-2007-0086.
Autoupdates 지원 : Packages System
pkgadd -F "apache*"
update 패키지
RPMS :
. apache-1.3.41-2.i686.rpm
. apache-devel-1.3.41-2.i686.rpm
SRPMS :
. apache-1.3.41-2.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
|