You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa apache2

Sigurnosni nedostatak programskog paketa apache2

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3913-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2017 https://www.debian.org/security/faq
– ————————————————————————-

Package : apache2
CVE ID : CVE-2017-9788
Debian Bug : 868467

Robert Swiecki reported that mod_auth_digest does not properly
initialize or reset the value placeholder in [Proxy-]Authorization
headers of type ‘Digest’ between successive key=value assignments,
leading to information disclosure or denial of service.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.4.10-10+deb8u10.

For the stable distribution (stretch), this problem has been fixed in
version 2.4.25-3+deb9u2.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.27-1.

We recommend that you upgrade your apache2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllubdFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SZwg//enifOmkmoMzdFfJR2mGsJJGwUNR2MaLs28qvnDo7PsTVni1OcU/kohnM
cYyP0RWZcaZq3rWMLnKArU6gir0xAdRhIiyKR6F+uui1QBpKuMZyEON9c90U4u6T
6KsL4tXQ0EFwA8F/V7vladPqqnwlmXQ3GgadznWdJPQKcfbG1yWKtJEaxg69xqDO
BXSwQmF5t7rvG1eGVSP8xGiBqeKu7TbTDI7k0SucDHpvCPRU6KRu3s7GcELShQEx
n30rf3UdKJdYMtv+TGfxIKXqX+5/yBz5WPRkaGPJP7UOXFBTG1VnEku315l84tUA
JjMJ44vHzqYQ7mva0abKYdHOyDoERbfvd6etlGPkunrnPPcTnM5AQGOKoZAC6LQ1
vGFmaH9V/LhGO9LI2eTAapGHNhQIQRkCMDZXUQ/O/llOIFuQOz0m1++Q6zOMr+j7
KtoJtcy8kuG70hDWL35VwbDrtt8wdXkh6IJp9RNgzVu0p9KqpKD2zhBwsCDZVF1h
3QYPwpbeQYpo1XCCxbLv4REFhZZviBYfZwNcNwRSbKAf0tyqttRw51W6iaWNVUdA
LuWMxJmSGeW2WPlHa6ojgkRQaEccGzAL8se6q/1NWnuczEVKFMQ4nNvclho0ZfAQ
2Ixvp2a9FkOqkmdJQnIkpxcDC4Pz36WwslLQVM1ESaRxhMsD9IA=
=bTmY
—–END PGP SIGNATURE—–

AutorVlatka Misic
Cert idNCERT-REF-2017-07-0124-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libtasn1-3

Otkriven je sigurnosni nedostatak u programskoj biblioteci libtasn1-3 za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izvršavanje proizvoljnog...

Close