Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available for Stronghold 4.0 for Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Several security issues have been found in various packages in Stronghold
4.0:

A flaw in the strip_tags function in PHP, which is commonly used by PHP
scripts to prevent cross-site scripting attacks by removing HTML tags from
user-supplied form data. HTML tags can, in some cases, be passed intact
through the strip_tags function, which may allow a cross-site scripting
attack. (CVE-2004-0595)

A flaw in PHP that is exposed when the memory_limit configuration setting
is enabled. If a remote attacker could force the PHP interpreter to allocate
more memory than the memory_limit setting before script execution begins,
then the attacker may be able to supply the contents of a PHP hash table
remotely. This hash table could then be used to execute arbitrary code in
the context of the server. (CVE-2004-0594)

Various flaws, including possible information disclosure, double free, and
negative reference index array underflow in the deserialization code of
PHP. PHP applications may use the unserialize function on untrusted user
data, which could allow a remote attacker to gain access to memory or
potentially execute arbitrary code. (CVE-2004-1019)

Flaws in the shmop_write, pack, and unpack PHP functions. These functions
are not normally passed user-supplied data, so exploitation would require a
malicious PHP script. (CVE-2004-1018)

A stack buffer overflow in mod_ssl. If FakeBasicAuth is enabled, a
carefully crafted client certificate sent to mod_ssl can cause a stack
overflow. In order to exploit this issue, the malicious certificate would
have to be signed by a Certificate Authority which mod_ssl is configured to
trust. (CVE-2004-0488)

The mod_ssl module, when using the "SSLCipherSuite" directive in directory
or location context, allowed remote clients to bypass intended restrictions
by using any cipher suite that is allowed by the virtual host
configuration. (CVE-2004-0885)

A flaw in mod_ssl that is triggered if a virtual host is configured using
"SSLVerifyClient optional" and a directive "SSLVerifyClient required" is
set for a specific location. For servers configured in this fashion, an
attacker may be able to access resources that should otherwise be
protected. (CVE-2005-2700)

A flaw in the handling of regular expressions from configuration files
in the Apache HTTP Server could lead to a buffer overflow. To exploit this
issue, an attacker would need to have the ability to write to Apache
configuration files such as .htaccess or httpd.conf. (CVE-2003-0542)

mod_digest did not properly verify the nonce of a client response by using
an AuthNonce secret. This could allow a malicious user who is able to sniff
network traffic to conduct a replay attack against a website using Digest
protection. Note that mod_digest implements an older version of the MD5
Digest Authentication specification which is known not to work with modern
browsers. This issue does not affect mod_auth_digest. (CVE-2003-0987)

A buffer overflow in the get_tag function in mod_include allowed local
users who can create SSI documents to execute arbitrary code as the apache
user via SSI (XSSI) documents that trigger a length calculation error.
(CVE-2004-0940)

Users of Stronghold are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
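
While the upgrade is being scheduled, it helps to know which hosts actually use the mod_ssl settings named above (FakeBasicAuth, per-directory SSLCipherSuite, and an optional virtual host with a required location). The following is an added example, not part of the advisory or of Red Hat's tooling; the names `audit` and `SAMPLE_CONF` and the sample configuration are constructed for illustration. It reads a single configuration text and does not follow Include directives or .htaccess files.

```python
# Constructed sample httpd.conf fragment (not taken from the advisory).
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLCipherSuite ALL:!ADH:!EXPORT
    <Location /admin>
        SSLVerifyClient require
        SSLCipherSuite HIGH
    </Location>
    SSLVerifyClient optional
    SSLOptions +FakeBasicAuth
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    SSLVerifyClient none
    <Directory /var/www/private>
        SSLVerifyClient require
    </Directory>
</VirtualHost>
"""
PER_DIR = {"directory", "directorymatch", "location", "locationmatch", "files"}

def audit(conf):
    """Return sorted (line_no, CVE) pairs for the mod_ssl settings the advisory names."""
    found, stack, pending, vhost_verify = [], [], [], None
    # The appended close tag flushes settings made outside any <VirtualHost>.
    for n, raw in enumerate(conf.splitlines() + ["</VirtualHost>"], 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            del stack[-1:]
            if line[2:-1].strip().lower() == "virtualhost":
                if vhost_verify == "optional":  # optional host + required location
                    found += [(p, "CVE-2005-2700") for p in pending]
                pending, vhost_verify = [], None
            continue
        if line.startswith("<"):
            stack.append((line.strip("<>").split() or [""])[0].lower())
            continue
        name, *args = line.lower().split()
        per_dir = any(s in PER_DIR for s in stack)
        if name == "ssloptions" and any(a.lstrip("+") == "fakebasicauth" for a in args):
            found.append((n, "CVE-2004-0488"))
        elif name == "sslciphersuite" and per_dir:  # per-directory cipher restriction
            found.append((n, "CVE-2004-0885"))
        elif name == "sslverifyclient" and args:
            if not per_dir:
                vhost_verify = args[0]
            elif args[0].startswith("require"):  # mod_ssl spells the value "require"
                pending.append(n)
    return sorted(found)
```

A hit means the configuration matches a pattern described in the advisory, not that the installed package is unpatched; compare the installed package versions against the list below to settle that.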

Red Hat Stronghold for Enterprise Linux

SRPMS:

| Package | Checksum | File outdated by |
|---|---|---|
| stronghold-apache-1.3.22-25.src.rpm | 049c475bd0b56ee035ac2bddf0969012 | RHSA-2006:0692 |
| stronghold-mod_ssl-2.8.7-9.src.rpm | 636c0ab5f8223ecebfed31a8584e72fd | |
| stronghold-php-4.1.2-7.src.rpm | 0c10caf1d418bbe5592deaa141b73ce1 | RHSA-2007:0163 |

IA-32:

| Package | Checksum | File outdated by |
|---|---|---|
| stronghold-apache-1.3.22-25.i386.rpm | 1187ef428a5b37098221bb513799124a | RHSA-2006:0692 |
| stronghold-apache-devel-1.3.22-25.i386.rpm | 8f5ec71681a13733ab62bdfb6370aba3 | RHSA-2006:0692 |
| stronghold-apache-manual-1.3.22-25.i386.rpm | 8c31c5a669fdcded626528dca434c060 | RHSA-2006:0692 |
| stronghold-mod_ssl-2.8.7-9.i386.rpm | ae2bdc1b65627517fb03f43324916953 | |
| stronghold-php-4.1.2-7.i386.rpm | ab7ba645fbf0707c499f104dfb78d5fe | RHSA-2007:0163 |
| stronghold-php-devel-4.1.2-7.i386.rpm | db92030b3686e49fe8f48f60d3f355e2 | RHSA-2007:0163 |
| stronghold-php-imap-4.1.2-7.i386.rpm | 7754d68472de62bf627dee6d12fb37f5 | RHSA-2007:0163 |
| stronghold-php-ldap-4.1.2-7.i386.rpm | a8c61ddb232201f177d6bbb1c2a6724e | RHSA-2007:0163 |
| stronghold-php-manual-4.1.2-7.i386.rpm | 1ca0abc9dda0dd09acf7d78ef12c6d51 | RHSA-2007:0163 |
| stronghold-php-mysql-4.1.2-7.i386.rpm | bd1e2d3fe7c632daae55eb6d1bb7af4e | RHSA-2007:0163 |
| stronghold-php-odbc-4.1.2-7.i386.rpm | 7a9583334c7704c2d1b4bf98e53e9906 | RHSA-2007:0163 |
| stronghold-php-pgsql-4.1.2-7.i386.rpm | cb714a12f38ca1625acfccceaeaffb74 | RHSA-2007:0163 |
| stronghold-php-snmp-4.1.2-7.i386.rpm | abe38bfae15d2d747a90f774ab2bdc7e | RHSA-2007:0163 |

(The unlinked packages above are only available from the Red Hat Network)

171694 - CVE-2003-0542 multiple flaws in Apache (CVE-2003-0542, CVE-2003-0987, CVE-2004-0940)
171695 - CVE-2004-0595 PHP flaws (CVE-2004-0594 CVE-2004-1018 CVE-2004-1019)
171696 - CVE-2004-0488 mod_ssl flaws (CVE-2004-0885 CVE-2005-2700)