The security bug fix information is listed below. All of the items below have been fixed in Apache (httpd) version 2.2.16. Affected Apache versions need to be upgraded to version 2.2.16.
1)mod_dav, mod_cache: Fix Handling of requests without a path segment.
CVE Name CVE-2010-1452
[Credit: Mark Drayton, Jeff Trawick]
2)mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection for platforms Windows, Netware and OS2.
CVE Name CVE-2010-2068
[Credit: Rainer Jung]
3)Apache core code: Filter init functions are now run strictly once per request before handler invocation.
The init functions are no longer run for connection filters.
[Credit: Joe Orton]
4)mod_filter: enable it to act on non-200 responses.
[Credit: Nick Kew]
5)mod_ldap: LDAP caching was suppressed (and ldap-status handler returns title page only) when any mod_ldap directives were used in VirtualHost context.
[Credit: Eric Covener]
6)mod_ssl: Fix segfault at startup if proxy client certs are shared across multiple vhosts.
[Credit: Joe Orton]
7)mod_proxy_http: Log the port of the remote server in various messages.
[Credit: Igor Galić | galic brainsware org]
8)apxs: Fix -A and -a options to ignore whitespace in httpd.conf
[Credit: Philip M. Gollucci]
9)mod_dir: add FallbackResource directive, to enable admin to specify an action to happen when a URL maps to no file, without resorting to ErrorDocument or mod_rewrite.
[Credit: Nick Kew]
10)mod_rewrite: Allow setting environment variables without explicitly giving a value.
[Credit: Rainer Jung]
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068
http://svn.apache.org/viewvc?view=revision&revision=966349
https://issues.apache.org/bugzilla/show_bug.cgi?id=49246
http://www.apache.org/dist/httpd/CHANGES_2.2.16
---
KLJTECH Co., Ltd.
http://www.kljtech.com
Security Monitor Center