Red Hat Product Errata RHSA-2015:1855 - Security Advisory

Issued:: 2015-10-01
Updated:: 2015-10-01

RHSA-2015:1855 - Security Advisory

Overview
Updated Packages

Synopsis

Low: mod_proxy_fcgi security update

Type/Severity

Security Advisory: Low

Topic

An updated mod_proxy_fcgi package that fixes one security issue is now
available for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

Red Hat Ceph Storage is a massively scalable, open, software-defined
storage platform that combines the most stable version of the Ceph storage
system with a Ceph management platform, deployment tools, and support
services.

The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP
server.

A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers()
function. A malicious FastCGI server that httpd is configured to connect to
could send a carefully crafted response that would cause an httpd child
process handling the request to crash. (CVE-2014-3583)

All mod_proxy_fcgi users are advised to upgrade to this updated package,
which corrects this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64

Fixes

BZ - 1163555 - CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read

CVEs

CVE-2014-3583

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
mod_proxy_fcgi-2.4.10-5.20150415gitd45a11f.el6cp.src.rpm	SHA-256: 24c260ebfe3f5ac86e4553cb73c4758b6e683438ab3644510a6e19fa1fdea627
x86_64
mod_proxy_fcgi-2.4.10-5.20150415gitd45a11f.el6cp.x86_64.rpm	SHA-256: dfe554d2137e9b4a0d5f5dde1edb83d9efdd42d886b661eeacc9714b2bb559e9
mod_proxy_fcgi-debuginfo-2.4.10-5.20150415gitd45a11f.el6cp.x86_64.rpm	SHA-256: 77620a7684eafca04fc4442656c60717822af632703464c1d421d1f81a1082fb

Red Hat Enterprise Linux Server from RHUI 6

SRPM
mod_proxy_fcgi-2.4.10-5.20150415gitd45a11f.el6cp.src.rpm	SHA-256: 24c260ebfe3f5ac86e4553cb73c4758b6e683438ab3644510a6e19fa1fdea627
x86_64
mod_proxy_fcgi-2.4.10-5.20150415gitd45a11f.el6cp.x86_64.rpm	SHA-256: dfe554d2137e9b4a0d5f5dde1edb83d9efdd42d886b661eeacc9714b2bb559e9
mod_proxy_fcgi-debuginfo-2.4.10-5.20150415gitd45a11f.el6cp.x86_64.rpm	SHA-256: 77620a7684eafca04fc4442656c60717822af632703464c1d421d1f81a1082fb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories