
Test ID: 1.3.6.1.4.1.25623.1.0.64774
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-802-2 (apache2)
Summary: NOSUMMARY
Description:
The remote host is missing an update to apache2
announced via advisory USN-802-2.

Details follow:

USN-802-1 fixed vulnerabilities in Apache. The upstream fix for
CVE-2009-1891 introduced a regression that would cause Apache children to
occasionally segfault when mod_deflate is used. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that mod_proxy_http did not properly handle a large
amount of streamed data when used as a reverse proxy. A remote attacker
could exploit this and cause a denial of service via memory resource
consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.
(CVE-2009-1890)

It was discovered that mod_deflate did not abort compressing large files
when the connection was closed. A remote attacker could exploit this and
cause a denial of service via CPU resource consumption. (CVE-2009-1891)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.8
apache2-mpm-perchild 2.0.55-4ubuntu2.8
apache2-mpm-prefork 2.0.55-4ubuntu2.8
apache2-mpm-worker 2.0.55-4ubuntu2.8
libapr0 2.0.55-4ubuntu2.8

Ubuntu 8.04 LTS:
apache2-mpm-event 2.2.8-1ubuntu0.11
apache2-mpm-perchild 2.2.8-1ubuntu0.11
apache2-mpm-prefork 2.2.8-1ubuntu0.11
apache2-mpm-worker 2.2.8-1ubuntu0.11
apache2.2-common 2.2.8-1ubuntu0.11

Ubuntu 8.10:
apache2-mpm-event 2.2.9-7ubuntu3.3
apache2-mpm-prefork 2.2.9-7ubuntu3.3
apache2-mpm-worker 2.2.9-7ubuntu3.3
apache2.2-common 2.2.9-7ubuntu3.3

Ubuntu 9.04:
apache2-mpm-event 2.2.11-2ubuntu2.3
apache2-mpm-prefork 2.2.11-2ubuntu2.3
apache2-mpm-worker 2.2.11-2ubuntu2.3
apache2.2-common 2.2.11-2ubuntu2.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-802-2

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-1891
AIX APAR: PK91361
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361
AIX APAR: PK99480
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Bugtraq: 20091113 rPSA-2009-0142-2 httpd mod_ssl
http://www.securityfocus.com/archive/1/507857/100/0/threaded
Debian Security Information: DSA-1834
http://www.debian.org/security/2009/dsa-1834
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html
http://security.gentoo.org/glsa/glsa-200907-04.xml
HP Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HP Security Advisory: SSRT090208
HP Security Advisory: SSRT100345
http://www.mandriva.com/security/advisories?name=MDVSA-2009:149
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2
http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://osvdb.org/55782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248
RedHat Security Advisories: RHSA-2009:1148
https://rhn.redhat.com/errata/RHSA-2009-1148.html
http://www.redhat.com/support/errata/RHSA-2009-1156.html
http://www.securitytracker.com/id?1022529
http://secunia.com/advisories/35721
http://secunia.com/advisories/35781
http://secunia.com/advisories/35793
http://secunia.com/advisories/35865
http://secunia.com/advisories/37152
http://secunia.com/advisories/37221
SuSE Security Announcement: SUSE-SA:2009:050
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://www.ubuntu.com/usn/USN-802-1
http://www.vupen.com/english/advisories/2009/1841
http://www.vupen.com/english/advisories/2009/3184
Common Vulnerability Exposure (CVE) ID: CVE-2009-1890
AIX APAR: PK91259
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91259
BugTraq ID: 35565
http://www.securityfocus.com/bid/35565
Bugtraq: 20091112 rPSA-2009-0142-1 httpd mod_ssl
http://www.securityfocus.com/archive/1/507852/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://lists.apache.org/thread.html/rb33be0aa9bd8cac9536293e3821dcd4cf8180ad95a8036eedd46365e@%3Cusers.mina.apache.org%3E
http://osvdb.org/55553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12330
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8616
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9403
http://www.securitytracker.com/id?1022509
http://secunia.com/advisories/35691
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
