Red Hat Product Errata RHSA-2018:2826 - Security Advisory
Issued:
2018-09-27
Updated:
2018-09-27

RHSA-2018:2826 - Security Advisory

Synopsis

Important: rh-perl524-mod_perl security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-perl524-mod_perl is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code.

Security Fix(es):

  • mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

Fixes

  • BZ - 1623265 - CVE-2011-2767 mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7

SRPM
rh-perl524-mod_perl-2.0.9-10.el7.src.rpm SHA-256: e8e8a58ec74dee9747c47a54374da76abc804449b167ad02de0828e9f48f5fda
x86_64
rh-perl524-mod_perl-2.0.9-10.el7.x86_64.rpm SHA-256: 9b3817135da998871b3237b2565a221230a25c062db7d3ce2536fc420f6683fb
rh-perl524-mod_perl-debuginfo-2.0.9-10.el7.x86_64.rpm SHA-256: d67812909d251cff6205515f951a760843070e29ac4845207dad8ce097abfad5
rh-perl524-mod_perl-devel-2.0.9-10.el7.x86_64.rpm SHA-256: 02a1dc610993ebb26cd6becab05acaa1bf32cab6a900513655dbf142a428dec2

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6

SRPM
rh-perl524-mod_perl-2.0.9-10.el7.src.rpm SHA-256: e8e8a58ec74dee9747c47a54374da76abc804449b167ad02de0828e9f48f5fda
x86_64
rh-perl524-mod_perl-2.0.9-10.el7.x86_64.rpm SHA-256: 9b3817135da998871b3237b2565a221230a25c062db7d3ce2536fc420f6683fb
rh-perl524-mod_perl-debuginfo-2.0.9-10.el7.x86_64.rpm SHA-256: d67812909d251cff6205515f951a760843070e29ac4845207dad8ce097abfad5
rh-perl524-mod_perl-devel-2.0.9-10.el7.x86_64.rpm SHA-256: 02a1dc610993ebb26cd6becab05acaa1bf32cab6a900513655dbf142a428dec2

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5

SRPM
rh-perl524-mod_perl-2.0.9-10.el7.src.rpm SHA-256: e8e8a58ec74dee9747c47a54374da76abc804449b167ad02de0828e9f48f5fda
x86_64
rh-perl524-mod_perl-2.0.9-10.el7.x86_64.rpm SHA-256: 9b3817135da998871b3237b2565a221230a25c062db7d3ce2536fc420f6683fb
rh-perl524-mod_perl-debuginfo-2.0.9-10.el7.x86_64.rpm SHA-256: d67812909d251cff6205515f951a760843070e29ac4845207dad8ce097abfad5
rh-perl524-mod_perl-devel-2.0.9-10.el7.x86_64.rpm SHA-256: 02a1dc610993ebb26cd6becab05acaa1bf32cab6a900513655dbf142a428dec2

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4

SRPM
rh-perl524-mod_perl-2.0.9-10.el7.src.rpm SHA-256: e8e8a58ec74dee9747c47a54374da76abc804449b167ad02de0828e9f48f5fda
x86_64
rh-perl524-mod_perl-2.0.9-10.el7.x86_64.rpm SHA-256: 9b3817135da998871b3237b2565a221230a25c062db7d3ce2536fc420f6683fb
rh-perl524-mod_perl-debuginfo-2.0.9-10.el7.x86_64.rpm SHA-256: d67812909d251cff6205515f951a760843070e29ac4845207dad8ce097abfad5
rh-perl524-mod_perl-devel-2.0.9-10.el7.x86_64.rpm SHA-256: 02a1dc610993ebb26cd6becab05acaa1bf32cab6a900513655dbf142a428dec2

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3

SRPM
rh-perl524-mod_perl-2.0.9-10.el7.src.rpm SHA-256: e8e8a58ec74dee9747c47a54374da76abc804449b167ad02de0828e9f48f5fda
x86_64
rh-perl524-mod_perl-2.0.9-10.el7.x86_64.rpm SHA-256: 9b3817135da998871b3237b2565a221230a25c062db7d3ce2536fc420f6683fb
rh-perl524-mod_perl-debuginfo-2.0.9-10.el7.x86_64.rpm SHA-256: d67812909d251cff6205515f951a760843070e29ac4845207dad8ce097abfad5
rh-perl524-mod_perl-devel-2.0.9-10.el7.x86_64.rpm SHA-256: 02a1dc610993ebb26cd6becab05acaa1bf32cab6a900513655dbf142a428dec2

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-perl524-mod_perl-2.0.9-10.el7.src.rpm SHA-256: e8e8a58ec74dee9747c47a54374da76abc804449b167ad02de0828e9f48f5fda
x86_64
rh-perl524-mod_perl-2.0.9-10.el7.x86_64.rpm SHA-256: 9b3817135da998871b3237b2565a221230a25c062db7d3ce2536fc420f6683fb
rh-perl524-mod_perl-debuginfo-2.0.9-10.el7.x86_64.rpm SHA-256: d67812909d251cff6205515f951a760843070e29ac4845207dad8ce097abfad5
rh-perl524-mod_perl-devel-2.0.9-10.el7.x86_64.rpm SHA-256: 02a1dc610993ebb26cd6becab05acaa1bf32cab6a900513655dbf142a428dec2

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7

SRPM
rh-perl524-mod_perl-2.0.9-10.el6.src.rpm SHA-256: 5836f413392f1c67e32e98e8390224030d0103941ef2864b77968e07addcc2ca
x86_64
rh-perl524-mod_perl-2.0.9-10.el6.x86_64.rpm SHA-256: 9039ad7e8c53f189f70ac245702d366e18c764b7fde5fae9cafcb91d396324f2
rh-perl524-mod_perl-debuginfo-2.0.9-10.el6.x86_64.rpm SHA-256: 0a9f5305a3bf0cf1d6afae46adbd4bbc59f4ddf2cb6c478d0ac2f857389dbac8
rh-perl524-mod_perl-devel-2.0.9-10.el6.x86_64.rpm SHA-256: 710257a2e7e932aca5c05d70e97037f272834140693d079fb1dd59c0cdcb55ea

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6

SRPM
rh-perl524-mod_perl-2.0.9-10.el6.src.rpm SHA-256: 5836f413392f1c67e32e98e8390224030d0103941ef2864b77968e07addcc2ca
x86_64
rh-perl524-mod_perl-2.0.9-10.el6.x86_64.rpm SHA-256: 9039ad7e8c53f189f70ac245702d366e18c764b7fde5fae9cafcb91d396324f2
rh-perl524-mod_perl-debuginfo-2.0.9-10.el6.x86_64.rpm SHA-256: 0a9f5305a3bf0cf1d6afae46adbd4bbc59f4ddf2cb6c478d0ac2f857389dbac8
rh-perl524-mod_perl-devel-2.0.9-10.el6.x86_64.rpm SHA-256: 710257a2e7e932aca5c05d70e97037f272834140693d079fb1dd59c0cdcb55ea

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-perl524-mod_perl-2.0.9-10.el7.src.rpm SHA-256: e8e8a58ec74dee9747c47a54374da76abc804449b167ad02de0828e9f48f5fda
x86_64
rh-perl524-mod_perl-2.0.9-10.el7.x86_64.rpm SHA-256: 9b3817135da998871b3237b2565a221230a25c062db7d3ce2536fc420f6683fb
rh-perl524-mod_perl-debuginfo-2.0.9-10.el7.x86_64.rpm SHA-256: d67812909d251cff6205515f951a760843070e29ac4845207dad8ce097abfad5
rh-perl524-mod_perl-devel-2.0.9-10.el7.x86_64.rpm SHA-256: 02a1dc610993ebb26cd6becab05acaa1bf32cab6a900513655dbf142a428dec2

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6

SRPM
rh-perl524-mod_perl-2.0.9-10.el6.src.rpm SHA-256: 5836f413392f1c67e32e98e8390224030d0103941ef2864b77968e07addcc2ca
x86_64
rh-perl524-mod_perl-2.0.9-10.el6.x86_64.rpm SHA-256: 9039ad7e8c53f189f70ac245702d366e18c764b7fde5fae9cafcb91d396324f2
rh-perl524-mod_perl-debuginfo-2.0.9-10.el6.x86_64.rpm SHA-256: 0a9f5305a3bf0cf1d6afae46adbd4bbc59f4ddf2cb6c478d0ac2f857389dbac8
rh-perl524-mod_perl-devel-2.0.9-10.el6.x86_64.rpm SHA-256: 710257a2e7e932aca5c05d70e97037f272834140693d079fb1dd59c0cdcb55ea

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.