Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3623-1] apache2 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3623-1] apache2 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3623-1] apache2 security update
  • Date: Wed, 20 Jul 2016 08:39:47 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1bPn2h-0004GG-DW AT master.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 20 Jul 2016 08:40:04 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <7P57nKcfxLP.A.kaB.kjzjXB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3623-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2016-5387

Scott Geary of VendHQ discovered that the Apache HTTPD server used the
value of the Proxy header from HTTP requests to initialize the
HTTP_PROXY environment variable for CGI scripts, which in turn was
incorrectly used by certain HTTP client implementations to configure the
proxy for outgoing HTTP requests. A remote attacker could possibly use
this flaw to redirect HTTP requests performed by a CGI script to an
attacker-controlled proxy via a malicious HTTP request.

For the stable distribution (jessie), this problem has been fixed in
version 2.4.10-10+deb8u5.

We recommend that you upgrade your apache2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXjzUzAAoJEAVMuPMTQ89EUioP+wWzh9kdX1UZM5ATmobng6zu
qL1dAlsjUGf3jPG8M6PP3RSt0Sy/rDcd2L1ktM3PFXwkfrRrvTlZINcCGeUSqs2b
0L7fDZZ36ZUXJr4GC1ohWqvYShG20+aAmSdSLjyhxLPc9k7Cu4GUzIPVJuqJlw4U
66MBgEICyuhNb1NyYp3iunU71j948Fa1VbYoCeT4nA2+AkNOFHeNUwFTqzw3sUJK
7KXKrb0GVTkTt0ox/1iRLUnAouXpm8Z9t0nKsdA1kTH7hsMNGXWwOZZ1NSCstZHG
RWpjW67jjFU7Q/uHvkue2Fe70MXxGmSLOHjd+uUOTDVrvvzev1P+JVZb4QbIjf/x
DHsyuXtIe8GLla+7oSoAx6l9oXc40YJ+ycaE2geNKA1rLKznHaV2xwfa0trnNsK2
ffnxMR1scF6/tk46IlwypTZEADqmSYJqMOTKtWaGUyFMHc8d5Wranvz2kCkvT7o5
gIzPp7kE7ssPEmfkAg6rT0hCb8rUJm8Wy6Ju1pBH9fgw+aWCshnVUlr78z2592sx
XPK9B4J5A9GCUWjq2QQMAEwWEDRt/AIA4ykvWiYBL/TVRYMjCKYr/AEXueQxw5uW
rFtlkjH5hSn56zupDVB9KF9cayvdKPL3BFZjPAGybj7ZpWDS67t91k3Kn/8072QZ
mh8gBTatVkMSIDyYjxn8
=pWeA
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 3623-1] apache2 security update, Salvatore Bonaccorso, 20.07.2016

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang