Bulletin d'alerte Debian
DSA-2035-1 apache2 -- Plusieurs problèmes
- Date du rapport :
- 17 avril 2010
- Paquets concernés :
- apache2
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le dictionnaire CVE du Mitre : CVE-2010-0408, CVE-2010-0434.
- Plus de précisions :
-
Deux problèmes ont été découverts dans le serveur web HTTPD Apache :
- CVE-2010-0408
mod_proxy_ajp reverrait le mauvais code d'état en cas d'erreur, provoquant une mise en état d'erreur du serveur moteur jusqu'à expiration du délai de réessai. Un attaquant distant pourrait envoyer des requêtes malveillantes pour déclencher ce problème, provoquant un déni de service.
- CVE-2010-0434
Un défaut dans le code de traitement de sous-requête principal a été découvert. Cela pourrait conduire au plantage du démon (erreur de segmentation) ou à la révélation de renseignements sensibles si les en-têtes d'une sous-requête étaient modifiés par des modules comme mod_headers.
Pour la distribution stable (Lenny), ces problèmes ont été corrigés dans la version 2.2.9-10+lenny7.
Pour la distribution testing (Squeeze) et la distribution unstable (Sid), ces problèmes ont été corrigés dans la version 2.2.15-1.
Cette annonce fournit aussi les paquets apache2-mpm-itk mis à jour qui ont été recompilés avec les nouveaux paquets apache2.
Nous vous recommandons de mettre à jour vos paquets apache2 et apache2-mpm-itk.
- CVE-2010-0408
- Corrigé dans :
-
Debian GNU/Linux 5.0 (lenny)
- Source :
- http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.dsc
- http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.diff.gz
- http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
- http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.diff.gz
- Composant indépendant de l'architecture :
- http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7_all.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny7_all.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny7_all.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny7_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b4_alpha.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_amd64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_arm.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_armel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_hppa.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_i386.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_ia64.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mips.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mipsel.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_powerpc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_s390.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_sparc.deb
- http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.