[security-announce] SUSE-SU-2011:1010-1: important: Security update for Apache

SUSE Security Update: Security update for Apache ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:1010-1 Rating: important References: #555098 #661597 #663359 #690734 #713966 Cross-References: CVE-2011-3192 Affected Products: SUSE Linux Enterprise Server 10 SP3 SLE SDK 10 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192) It also fixes some non-security bugs: * take LimitRequestFieldsize config option into account when parsing headers from backend. Thereby avoid that the receiving buffers are too small. bnc#690734. * add / when on a directory to feed correctly linked listings. bnc#661597 * a2enmod shalt not disable a module in query mode. bnc#663359 * New option SSLRenegBufferSize fixes "413 Request Entity Too Large occur" problem. * fixes graceful restart hangs, bnc#555098. Security Issue reference: * CVE-2011-3192 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

Indications: Please install this update. Package List: - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64): apache2-2.2.3-16.32.35.1 apache2-devel-2.2.3-16.32.35.1 apache2-doc-2.2.3-16.32.35.1 apache2-example-pages-2.2.3-16.32.35.1 apache2-prefork-2.2.3-16.32.35.1 apache2-worker-2.2.3-16.32.35.1 - SLE SDK 10 SP3 (i586 ia64 ppc s390x x86_64): apache2-2.2.3-16.32.35.1 apache2-devel-2.2.3-16.32.35.1 apache2-doc-2.2.3-16.32.35.1 apache2-example-pages-2.2.3-16.32.35.1 apache2-prefork-2.2.3-16.32.35.1 apache2-worker-2.2.3-16.32.35.1 References: http://support.novell.com/security/cve/CVE-2011-3192.html https://bugzilla.novell.com/555098 https://bugzilla.novell.com/661597 https://bugzilla.novell.com/663359 https://bugzilla.novell.com/690734 https://bugzilla.novell.com/713966 http://download.novell.com/patch/finder/?keywords=c1d4ee926550fcf7502509517b... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org