RHSA-2018:2825 - Security Advisory

Overview
Updated Packages

Synopsis

Important: rh-perl526-mod_perl security update

Type/Severity

Security Advisory: Important

Topic

An update for rh-perl526-mod_perl is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code.

Security Fix(es):

mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.5 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.5 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.4 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.4 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.3 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.3 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

BZ - 1623265 - CVE-2011-2767 mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess

CVEs

CVE-2011-2767

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
x86_64
rh-perl526-mod_perl-2.0.10-10.el7.x86_64.rpm	SHA-256: 5a468c61273f4cd761a7539a19f70d4792c922d040c45db0bdd84c3e71ad2171
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.x86_64.rpm	SHA-256: 91f0a48556a9d059a533c11e859c5d98c077600ba0fed89bd08693a83134789c
rh-perl526-mod_perl-devel-2.0.10-10.el7.x86_64.rpm	SHA-256: a658b1a780e6da8d13c287a61988a74c5b0578ec26fb3c6744fc9d68ab68d97b

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.5

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
s390x
rh-perl526-mod_perl-2.0.10-10.el7.s390x.rpm	SHA-256: 716eaedc189a085717e0a6825e47199f6e4cc40ff6f0a65877d379b64c4cc207
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.s390x.rpm	SHA-256: f72dc3f1dc39d747841ac90d8118e6bee54557bac2192aa87d54a889dc874ba1
rh-perl526-mod_perl-devel-2.0.10-10.el7.s390x.rpm	SHA-256: 23c115f7e8a0cba0b7ec9e4312ab2eda48032342c1507e364cf1f93603adfe4c

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.5

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
ppc64le
rh-perl526-mod_perl-2.0.10-10.el7.ppc64le.rpm	SHA-256: fcecda86869d701ee1598570df4be12fca3ea7bfacef3641796fca0fcf2f8fe6
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.ppc64le.rpm	SHA-256: 8fe7db4267d1527ee7f60b605460ba166adfc495123a9df1596663ad23ac4f6b
rh-perl526-mod_perl-devel-2.0.10-10.el7.ppc64le.rpm	SHA-256: 21040983ed58692276eb46aa5cb85c13e79d610c1a1e0c206cadacf5cead711a

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
x86_64
rh-perl526-mod_perl-2.0.10-10.el7.x86_64.rpm	SHA-256: 5a468c61273f4cd761a7539a19f70d4792c922d040c45db0bdd84c3e71ad2171
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.x86_64.rpm	SHA-256: 91f0a48556a9d059a533c11e859c5d98c077600ba0fed89bd08693a83134789c
rh-perl526-mod_perl-devel-2.0.10-10.el7.x86_64.rpm	SHA-256: a658b1a780e6da8d13c287a61988a74c5b0578ec26fb3c6744fc9d68ab68d97b

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.4

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
s390x
rh-perl526-mod_perl-2.0.10-10.el7.s390x.rpm	SHA-256: 716eaedc189a085717e0a6825e47199f6e4cc40ff6f0a65877d379b64c4cc207
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.s390x.rpm	SHA-256: f72dc3f1dc39d747841ac90d8118e6bee54557bac2192aa87d54a889dc874ba1
rh-perl526-mod_perl-devel-2.0.10-10.el7.s390x.rpm	SHA-256: 23c115f7e8a0cba0b7ec9e4312ab2eda48032342c1507e364cf1f93603adfe4c

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.4

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
ppc64le
rh-perl526-mod_perl-2.0.10-10.el7.ppc64le.rpm	SHA-256: fcecda86869d701ee1598570df4be12fca3ea7bfacef3641796fca0fcf2f8fe6
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.ppc64le.rpm	SHA-256: 8fe7db4267d1527ee7f60b605460ba166adfc495123a9df1596663ad23ac4f6b
rh-perl526-mod_perl-devel-2.0.10-10.el7.ppc64le.rpm	SHA-256: 21040983ed58692276eb46aa5cb85c13e79d610c1a1e0c206cadacf5cead711a

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
x86_64
rh-perl526-mod_perl-2.0.10-10.el7.x86_64.rpm	SHA-256: 5a468c61273f4cd761a7539a19f70d4792c922d040c45db0bdd84c3e71ad2171
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.x86_64.rpm	SHA-256: 91f0a48556a9d059a533c11e859c5d98c077600ba0fed89bd08693a83134789c
rh-perl526-mod_perl-devel-2.0.10-10.el7.x86_64.rpm	SHA-256: a658b1a780e6da8d13c287a61988a74c5b0578ec26fb3c6744fc9d68ab68d97b

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.3

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
s390x
rh-perl526-mod_perl-2.0.10-10.el7.s390x.rpm	SHA-256: 716eaedc189a085717e0a6825e47199f6e4cc40ff6f0a65877d379b64c4cc207
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.s390x.rpm	SHA-256: f72dc3f1dc39d747841ac90d8118e6bee54557bac2192aa87d54a889dc874ba1
rh-perl526-mod_perl-devel-2.0.10-10.el7.s390x.rpm	SHA-256: 23c115f7e8a0cba0b7ec9e4312ab2eda48032342c1507e364cf1f93603adfe4c

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.3

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
ppc64le
rh-perl526-mod_perl-2.0.10-10.el7.ppc64le.rpm	SHA-256: fcecda86869d701ee1598570df4be12fca3ea7bfacef3641796fca0fcf2f8fe6
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.ppc64le.rpm	SHA-256: 8fe7db4267d1527ee7f60b605460ba166adfc495123a9df1596663ad23ac4f6b
rh-perl526-mod_perl-devel-2.0.10-10.el7.ppc64le.rpm	SHA-256: 21040983ed58692276eb46aa5cb85c13e79d610c1a1e0c206cadacf5cead711a

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
x86_64
rh-perl526-mod_perl-2.0.10-10.el7.x86_64.rpm	SHA-256: 5a468c61273f4cd761a7539a19f70d4792c922d040c45db0bdd84c3e71ad2171
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.x86_64.rpm	SHA-256: 91f0a48556a9d059a533c11e859c5d98c077600ba0fed89bd08693a83134789c
rh-perl526-mod_perl-devel-2.0.10-10.el7.x86_64.rpm	SHA-256: a658b1a780e6da8d13c287a61988a74c5b0578ec26fb3c6744fc9d68ab68d97b

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
s390x
rh-perl526-mod_perl-2.0.10-10.el7.s390x.rpm	SHA-256: 716eaedc189a085717e0a6825e47199f6e4cc40ff6f0a65877d379b64c4cc207
rh-perl526-mod_perl-2.0.10-10.el7.s390x.rpm	SHA-256: 716eaedc189a085717e0a6825e47199f6e4cc40ff6f0a65877d379b64c4cc207
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.s390x.rpm	SHA-256: f72dc3f1dc39d747841ac90d8118e6bee54557bac2192aa87d54a889dc874ba1
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.s390x.rpm	SHA-256: f72dc3f1dc39d747841ac90d8118e6bee54557bac2192aa87d54a889dc874ba1
rh-perl526-mod_perl-devel-2.0.10-10.el7.s390x.rpm	SHA-256: 23c115f7e8a0cba0b7ec9e4312ab2eda48032342c1507e364cf1f93603adfe4c
rh-perl526-mod_perl-devel-2.0.10-10.el7.s390x.rpm	SHA-256: 23c115f7e8a0cba0b7ec9e4312ab2eda48032342c1507e364cf1f93603adfe4c

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
ppc64le
rh-perl526-mod_perl-2.0.10-10.el7.ppc64le.rpm	SHA-256: fcecda86869d701ee1598570df4be12fca3ea7bfacef3641796fca0fcf2f8fe6
rh-perl526-mod_perl-2.0.10-10.el7.ppc64le.rpm	SHA-256: fcecda86869d701ee1598570df4be12fca3ea7bfacef3641796fca0fcf2f8fe6
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.ppc64le.rpm	SHA-256: 8fe7db4267d1527ee7f60b605460ba166adfc495123a9df1596663ad23ac4f6b
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.ppc64le.rpm	SHA-256: 8fe7db4267d1527ee7f60b605460ba166adfc495123a9df1596663ad23ac4f6b
rh-perl526-mod_perl-devel-2.0.10-10.el7.ppc64le.rpm	SHA-256: 21040983ed58692276eb46aa5cb85c13e79d610c1a1e0c206cadacf5cead711a
rh-perl526-mod_perl-devel-2.0.10-10.el7.ppc64le.rpm	SHA-256: 21040983ed58692276eb46aa5cb85c13e79d610c1a1e0c206cadacf5cead711a

Red Hat Software Collections (for RHEL Server for ARM) 1

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
aarch64
rh-perl526-mod_perl-2.0.10-10.el7.aarch64.rpm	SHA-256: 2d919fbc7a26f7dacdf8c3c092312c873cd05b6778f23933b4dc685f30b76d4b
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.aarch64.rpm	SHA-256: 0ff47f4598f2a21062affdfd70e89e5b293c936460af3dfeeb8a4839c4b4ebe6
rh-perl526-mod_perl-devel-2.0.10-10.el7.aarch64.rpm	SHA-256: cfa98a1b6cd79bf51a1b18ded3f726725e114b239fb04bf33d8b92942fa9593b

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-perl526-mod_perl-2.0.10-10.el7.src.rpm	SHA-256: 0855fe9d539b3ae69dc8e652fd6eae775bcfac84ef50b4f87d6db5dae89285d2
x86_64
rh-perl526-mod_perl-2.0.10-10.el7.x86_64.rpm	SHA-256: 5a468c61273f4cd761a7539a19f70d4792c922d040c45db0bdd84c3e71ad2171
rh-perl526-mod_perl-debuginfo-2.0.10-10.el7.x86_64.rpm	SHA-256: 91f0a48556a9d059a533c11e859c5d98c077600ba0fed89bd08693a83134789c
rh-perl526-mod_perl-devel-2.0.10-10.el7.x86_64.rpm	SHA-256: a658b1a780e6da8d13c287a61988a74c5b0578ec26fb3c6744fc9d68ab68d97b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.