Red Hat Product Errata RHSA-2011:1329 - Security Advisory

Issued:: 2011-09-21
Updated:: 2011-09-21

RHSA-2011:1329 - Security Advisory

Overview
Updated Packages

Synopsis

Important: httpd and httpd22 security update

Type/Severity

Security Advisory: Important

Topic

Updated httpd and httpd22 packages that fix one security issue are now
available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise
Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause the Apache HTTP
Server to use an excessive amount of memory and CPU time via HTTP requests
with a specially-crafted Range header. (CVE-2011-3192)

All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these
updated packages, which contain a backported patch to correct this issue.
After installing the updated packages, Red Hat Enterprise Linux 4 users
must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6
users must restart the httpd service, for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

JBoss Enterprise Web Server 1 for RHEL 6 x86_64
JBoss Enterprise Web Server 1 for RHEL 6 i386
JBoss Enterprise Web Server 1 for RHEL 5 x86_64
JBoss Enterprise Web Server 1 for RHEL 5 i386

Fixes

BZ - 732928 - CVE-2011-3192 httpd: multiple ranges DoS

CVEs

CVE-2011-3192

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Web Server 1 for RHEL 6

SRPM
httpd-2.2.17-13.2.ep5.el6.src.rpm	SHA-256: a4881e402c62aadbb429e617195d7ae61a40e4eff10a2ddea1cf88f2aae1ad66
x86_64
httpd-2.2.17-13.2.ep5.el6.x86_64.rpm	SHA-256: 202393a257cb12ebe544320bfa256fc1727aced6b8ff2e010ec73c5931ccde45
httpd-devel-2.2.17-13.2.ep5.el6.x86_64.rpm	SHA-256: b12a8e682dcf074b83bbcb928c2308fa2c430a3c123da9a48897c75043617622
httpd-manual-2.2.17-13.2.ep5.el6.x86_64.rpm	SHA-256: 8beef2a7d69e7e33ffa8daf7c2a014c8a4ae5ca4ee28e2fc88e9ea3a3ef82f96
httpd-tools-2.2.17-13.2.ep5.el6.x86_64.rpm	SHA-256: 3050d648fe5e34e571beade7f94387a1790f81b6ceaf72a9db5bbfc1322827d9
mod_ssl-2.2.17-13.2.ep5.el6.x86_64.rpm	SHA-256: 46ce40bcfe622359f803b7d3afd1a77ad7bd128c757582dc6aca70e68fe04324
i386
httpd-2.2.17-13.2.ep5.el6.i386.rpm	SHA-256: 2a622387a4192937f011ad8c747f30b9f4aba1bfa9a814f94268bd221ce04bce
httpd-devel-2.2.17-13.2.ep5.el6.i386.rpm	SHA-256: 8a27102ba10ae4ca2558df69c196d2067ae73e874ed9323c76a706e8bb5c85a9
httpd-manual-2.2.17-13.2.ep5.el6.i386.rpm	SHA-256: 50d8a6b9fb84d683de8152ed727720400f55544f806acf755c5e916244d32c8b
httpd-tools-2.2.17-13.2.ep5.el6.i386.rpm	SHA-256: fe0482602307699a1e4fa8c6ef7649ac3ad68ef4dc01d2e0989f446d5422731d
mod_ssl-2.2.17-13.2.ep5.el6.i386.rpm	SHA-256: d682f562f8e07468b0df02a6789eeba5ec489c5f56b06a490d1abfb423f2c543

JBoss Enterprise Web Server 1 for RHEL 5

SRPM
httpd-2.2.17-14.1.ep5.el5.src.rpm	SHA-256: bac3a712d0039b6fb6a9ca8154f67a4a5a17d77e94cd6d51b027c9c15fba15b5
x86_64
httpd-2.2.17-14.1.ep5.el5.x86_64.rpm	SHA-256: 84f3a5dc892ca515b72d9d1f99557c5e30ac5fe01056f3dcd12da3de493c9bac
httpd-devel-2.2.17-14.1.ep5.el5.x86_64.rpm	SHA-256: 50d9d01442bec15e56381b65334f980f48bd4bb402e4bc717ba1ad13f6eb7dbc
httpd-manual-2.2.17-14.1.ep5.el5.x86_64.rpm	SHA-256: a1f0d231bb701d27126e64cfee17e72307f1c308efe4a502f9fc1393e296e291
mod_ssl-2.2.17-14.1.ep5.el5.x86_64.rpm	SHA-256: 759e5cd3e2a047cc7babd3cc06e70ddd8470f874cf2fbbe9e7695a82fb2d2ddb
i386
httpd-2.2.17-14.1.ep5.el5.i386.rpm	SHA-256: 645322ba3d2e351042f4800a2b3e8f3bd46f6b92047550fa0a6324f12a599f64
httpd-devel-2.2.17-14.1.ep5.el5.i386.rpm	SHA-256: c055fa6e52d2e63a1bacec7c2b9464e1324acaa6148af9bfb18d2653978e9521
httpd-manual-2.2.17-14.1.ep5.el5.i386.rpm	SHA-256: 16e29bf2509bf60445dde21ff5c3a46fa2435768a4a3123a60b77d75aec8bee3
mod_ssl-2.2.17-14.1.ep5.el5.i386.rpm	SHA-256: 9215354804ab28b8589cbe2f71c57527b11d3f1bd7d5d4ea67d18513f6b17c97

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories