Security Advisory Important: httpd and httpd22 security update

Advisory: RHSA-2011:1329-1
Type: Security Advisory
Severity: Important
Issued on: 2011-09-21
Last updated on: 2011-09-21
Affected Products: JBoss Enterprise Web Server v1 EL4
JBoss Enterprise Web Server v1 EL5
JBoss Enterprise Web Server v1 EL6
CVEs (cve.mitre.org): CVE-2011-3192

Details

Updated httpd and httpd22 packages that fix one security issue are now
available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise
Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause the Apache HTTP
Server to use an excessive amount of memory and CPU time via HTTP requests
with a specially-crafted Range header. (CVE-2011-3192)

All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these
updated packages, which contain a backported patch to correct this issue.
After installing the updated packages, Red Hat Enterprise Linux 4 users
must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6
users must restart the httpd service, for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

JBoss Enterprise Web Server v1 EL4

SRPMS:
httpd22-2.2.17-16.ep5.el4.src.rpm

IA-32:
httpd22-2.2.17-16.ep5.el4.i386.rpm
httpd22-apr-2.2.17-16.ep5.el4.i386.rpm
httpd22-apr-devel-2.2.17-16.ep5.el4.i386.rpm
httpd22-apr-util-2.2.17-16.ep5.el4.i386.rpm
httpd22-apr-util-devel-2.2.17-16.ep5.el4.i386.rpm
httpd22-devel-2.2.17-16.ep5.el4.i386.rpm
httpd22-manual-2.2.17-16.ep5.el4.i386.rpm
mod_ssl22-2.2.17-16.ep5.el4.i386.rpm

x86_64:
httpd22-2.2.17-16.ep5.el4.x86_64.rpm
httpd22-apr-2.2.17-16.ep5.el4.x86_64.rpm
httpd22-apr-devel-2.2.17-16.ep5.el4.x86_64.rpm
httpd22-apr-util-2.2.17-16.ep5.el4.x86_64.rpm
httpd22-apr-util-devel-2.2.17-16.ep5.el4.x86_64.rpm
httpd22-devel-2.2.17-16.ep5.el4.x86_64.rpm
httpd22-manual-2.2.17-16.ep5.el4.x86_64.rpm
mod_ssl22-2.2.17-16.ep5.el4.x86_64.rpm

JBoss Enterprise Web Server v1 EL5

SRPMS:
httpd-2.2.17-14.1.ep5.el5.src.rpm
File outdated by:  RHSA-2012:0542

IA-32:
httpd-2.2.17-14.1.ep5.el5.i386.rpm
File outdated by:  RHSA-2012:0542
httpd-devel-2.2.17-14.1.ep5.el5.i386.rpm
File outdated by:  RHSA-2012:0542
httpd-manual-2.2.17-14.1.ep5.el5.i386.rpm
File outdated by:  RHSA-2012:0542
mod_ssl-2.2.17-14.1.ep5.el5.i386.rpm
File outdated by:  RHSA-2012:0542

x86_64:
httpd-2.2.17-14.1.ep5.el5.x86_64.rpm
File outdated by:  RHSA-2012:0542
httpd-devel-2.2.17-14.1.ep5.el5.x86_64.rpm
File outdated by:  RHSA-2012:0542
httpd-manual-2.2.17-14.1.ep5.el5.x86_64.rpm
File outdated by:  RHSA-2012:0542
mod_ssl-2.2.17-14.1.ep5.el5.x86_64.rpm
File outdated by:  RHSA-2012:0542

JBoss Enterprise Web Server v1 EL6

SRPMS:
httpd-2.2.17-13.2.ep5.el6.src.rpm
File outdated by:  RHSA-2012:0542

IA-32:
httpd-2.2.17-13.2.ep5.el6.i386.rpm
File outdated by:  RHSA-2012:0542
httpd-devel-2.2.17-13.2.ep5.el6.i386.rpm
File outdated by:  RHSA-2012:0542
httpd-manual-2.2.17-13.2.ep5.el6.i386.rpm
File outdated by:  RHSA-2012:0542
httpd-tools-2.2.17-13.2.ep5.el6.i386.rpm
File outdated by:  RHSA-2012:0542
mod_ssl-2.2.17-13.2.ep5.el6.i386.rpm
File outdated by:  RHSA-2012:0542

x86_64:
httpd-2.2.17-13.2.ep5.el6.x86_64.rpm
File outdated by:  RHSA-2012:0542
httpd-devel-2.2.17-13.2.ep5.el6.x86_64.rpm
File outdated by:  RHSA-2012:0542
httpd-manual-2.2.17-13.2.ep5.el6.x86_64.rpm
File outdated by:  RHSA-2012:0542
httpd-tools-2.2.17-13.2.ep5.el6.x86_64.rpm
File outdated by:  RHSA-2012:0542
mod_ssl-2.2.17-13.2.ep5.el6.x86_64.rpm
File outdated by:  RHSA-2012:0542

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

732928 - CVE-2011-3192 httpd: multiple ranges DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/