Security Advisory Moderate: httpd security update

Advisory: RHSA-2008:0005-4
Type: Security Advisory
Severity: Moderate
Issued on: 2008-01-15
Last updated on: 2008-01-15
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
OVAL: com.redhat.rhsa-20080005.xml
CVEs (cve.mitre.org): CVE-2007-3847
CVE-2007-4465
CVE-2007-5000
CVE-2007-6388
CVE-2008-0005

Details

Updated Apache httpd packages that fix several security issues are now
available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)

A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the "AddDefaultCharset" directive has been removed
from the configuration, a cross-site scripting attack was possible against
Web browsers which did not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)

A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)

A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)

A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)

Users of Apache httpd should upgrade to these updated packages, which
contain backported patches to resolve these issues. Users should restart
httpd after installing this update.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
httpd-2.0.46-70.ent.src.rpm     b2da904635ee4c5a92b15a854a83a8b9
 
IA-32:
httpd-2.0.46-70.ent.i386.rpm     847875ca5096f6bc40cf745bf84de492
httpd-devel-2.0.46-70.ent.i386.rpm     b8859c02a0933996a55b1efaf69df9d0
mod_ssl-2.0.46-70.ent.i386.rpm     e967058179994cac2caba0553179b33d
 
x86_64:
httpd-2.0.46-70.ent.x86_64.rpm     3c5fca78b3b47f8fa279ae68193785b6
httpd-devel-2.0.46-70.ent.x86_64.rpm     7ba3bd3872eae4a1dca50a3b8ca05539
mod_ssl-2.0.46-70.ent.x86_64.rpm     391c0884aabfe1d7f3080ab703eb830c
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
httpd-2.0.46-70.ent.src.rpm     b2da904635ee4c5a92b15a854a83a8b9
 
IA-32:
httpd-2.0.46-70.ent.i386.rpm     847875ca5096f6bc40cf745bf84de492
httpd-devel-2.0.46-70.ent.i386.rpm     b8859c02a0933996a55b1efaf69df9d0
mod_ssl-2.0.46-70.ent.i386.rpm     e967058179994cac2caba0553179b33d
 
IA-64:
httpd-2.0.46-70.ent.ia64.rpm     042faca4d000881243b379f2b9368eef
httpd-devel-2.0.46-70.ent.ia64.rpm     e5c61749634e68840c66b7d9f5d848a1
mod_ssl-2.0.46-70.ent.ia64.rpm     38be7784447090d10b0dafc092f45e6b
 
PPC:
httpd-2.0.46-70.ent.ppc.rpm     47445147d08190f17bc627c818045eb0
httpd-devel-2.0.46-70.ent.ppc.rpm     4cf010a9e15b0010ea99ffc8f5e0f8c6
mod_ssl-2.0.46-70.ent.ppc.rpm     6dfea1c91a5d17ac9ae0367f8e5a096a
 
s390:
httpd-2.0.46-70.ent.s390.rpm     a29b0bae45123b529ee562add299484e
httpd-devel-2.0.46-70.ent.s390.rpm     65f6b82eaefa26e8381cd9bc9d51b89b
mod_ssl-2.0.46-70.ent.s390.rpm     ba5a9db88f1c771f2ddc869b0dea0c0e
 
s390x:
httpd-2.0.46-70.ent.s390x.rpm     5a31a0ede6ef6dd3890c7de645643caa
httpd-devel-2.0.46-70.ent.s390x.rpm     b1afdf881aec6e7c05fd8bf0844055b7
mod_ssl-2.0.46-70.ent.s390x.rpm     fd20968c556efdd91ce7073b4a62cb80
 
x86_64:
httpd-2.0.46-70.ent.x86_64.rpm     3c5fca78b3b47f8fa279ae68193785b6
httpd-devel-2.0.46-70.ent.x86_64.rpm     7ba3bd3872eae4a1dca50a3b8ca05539
mod_ssl-2.0.46-70.ent.x86_64.rpm     391c0884aabfe1d7f3080ab703eb830c
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
httpd-2.0.46-70.ent.src.rpm     b2da904635ee4c5a92b15a854a83a8b9
 
IA-32:
httpd-2.0.46-70.ent.i386.rpm     847875ca5096f6bc40cf745bf84de492
httpd-devel-2.0.46-70.ent.i386.rpm     b8859c02a0933996a55b1efaf69df9d0
mod_ssl-2.0.46-70.ent.i386.rpm     e967058179994cac2caba0553179b33d
 
IA-64:
httpd-2.0.46-70.ent.ia64.rpm     042faca4d000881243b379f2b9368eef
httpd-devel-2.0.46-70.ent.ia64.rpm     e5c61749634e68840c66b7d9f5d848a1
mod_ssl-2.0.46-70.ent.ia64.rpm     38be7784447090d10b0dafc092f45e6b
 
x86_64:
httpd-2.0.46-70.ent.x86_64.rpm     3c5fca78b3b47f8fa279ae68193785b6
httpd-devel-2.0.46-70.ent.x86_64.rpm     7ba3bd3872eae4a1dca50a3b8ca05539
mod_ssl-2.0.46-70.ent.x86_64.rpm     391c0884aabfe1d7f3080ab703eb830c
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
httpd-2.0.46-70.ent.src.rpm     b2da904635ee4c5a92b15a854a83a8b9
 
IA-32:
httpd-2.0.46-70.ent.i386.rpm     847875ca5096f6bc40cf745bf84de492
httpd-devel-2.0.46-70.ent.i386.rpm     b8859c02a0933996a55b1efaf69df9d0
mod_ssl-2.0.46-70.ent.i386.rpm     e967058179994cac2caba0553179b33d
 
IA-64:
httpd-2.0.46-70.ent.ia64.rpm     042faca4d000881243b379f2b9368eef
httpd-devel-2.0.46-70.ent.ia64.rpm     e5c61749634e68840c66b7d9f5d848a1
mod_ssl-2.0.46-70.ent.ia64.rpm     38be7784447090d10b0dafc092f45e6b
 
x86_64:
httpd-2.0.46-70.ent.x86_64.rpm     3c5fca78b3b47f8fa279ae68193785b6
httpd-devel-2.0.46-70.ent.x86_64.rpm     7ba3bd3872eae4a1dca50a3b8ca05539
mod_ssl-2.0.46-70.ent.x86_64.rpm     391c0884aabfe1d7f3080ab703eb830c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

250731 - CVE-2007-3847 httpd out of bounds read
289511 - CVE-2007-4465 mod_autoindex XSS
419931 - CVE-2007-5000 mod_imagemap XSS
427228 - CVE-2007-6388 apache mod_status cross-site scripting
427739 - CVE-2008-0005 mod_proxy_ftp XSS


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/