https://bugzilla.novell.com/show_bug.cgi?id=714306 https://bugzilla.novell.com/show_bug.cgi?id=714306#c0 Summary: Range header DoS vulnerability Apache HTTPD CVE-2011-3192 Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Apache AssignedTo: bnc-team-apache@forge.provo.novell.com ReportedBy: freespacer@gmx.de QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0 This vulnerability of Apache is public now. We need the patch from the Apache developers to fix the potentially DoS issue of Apache. The patch comes surely very next day. http://www.h-online.com/open/news/item/Tool-causes-Apache-web-server-to-free... http://article.gmane.org/gmane.comp.apache.announce/58 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 We should apply the patch ASAP in - openSUSE 11.3 - openSUSE 11.4 - Apache Repository (http://download.opensuse.org/repositories/Apache) Reproducible: Always Steps to Reproduce: 1. Send an insane range header Actual Results: Out of memory Expected Results: It does not run into an out of memory -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.