English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2009-21
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 14 Jul 2009
 Last revised: 14 Jul 2009

 Package: httpd

 Summary: Two vulnerabilities exist in Apache

 More information:
    Apache is a powerful, full-featured, efficient, and freely-available
    Web server. Apache is also the most popular Web server on the Internet.

    The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module
    in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured,
    does not properly handle an amount of streamed data that exceeds the
    Content-Length value, which allows remote attackers to cause a denial
    of service (CPU consumption) via crafted requests. (CVE-2009-1890)

    The mod_deflate module in Apache httpd 2.2.11 and earlier compresses
    large files until completion even after the associated network connection
    is closed, which allows remote attackers to cause a denial of service (CPU consumption). (CVE-2009-1891)


 Affected Products:
    - Turbolinux Client 2008
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server


 <Turbolinux Client 2008>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/httpd-2.2.6-13.src.rpm
      4780085 4c1b58f85493c04a58fa59acbdea36b5

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/httpd-2.2.6-13.i586.rpm
      1233333 5047806fa3ef4e435de8f9d3335d10e1
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/httpd-devel-2.2.6-13.i586.rpm
       148954 8183c2644bf132e768aed5be8b4598c3

 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   httpd-2.2.6-13.src.rpm
      4789364 66de8dd0c4188d445fe939f39dbf9ad5

   Binary Packages
   Size: MD5

   httpd-2.2.6-13.x86_64.rpm
      1250671 d3cdd4a77a577f618af67e48aca71325
   httpd-manual-2.2.6-13.x86_64.rpm
       859120 e9c7a5c39beaa9e8fd4d0a67085b4710
   httpd-rootsrv-2.2.6-13.x86_64.rpm
       229036 6a9394729487a1300f0220ec87fc9ba9
   mod_ssl-2.2.6-13.x86_64.rpm
        90024 53ae30f66575c251f8933af45aa2b051

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   httpd-2.2.6-13.src.rpm
      4789364 66de8dd0c4188d445fe939f39dbf9ad5

   Binary Packages
   Size: MD5

   httpd-2.2.6-13.i686.rpm
      1176319 6a61f78a5a13e2e76f0e3b891c207e9b
   httpd-manual-2.2.6-13.i686.rpm
       859874 239d6246e7e10965ced00d0fc60790c6
   httpd-rootsrv-2.2.6-13.i686.rpm
       216631 67bfa5cfe5562ce838456ef88580c415
   mod_ssl-2.2.6-13.i686.rpm
        85628 ab3c1de4132ac089c5f1a3fa22fabd32

 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/httpd-2.2.6-13.src.rpm
      4789364 66de8dd0c4188d445fe939f39dbf9ad5

   Binary Packages
   Size: MD5

   httpd-2.2.6-13.x86_64.rpm
      1250671 d3cdd4a77a577f618af67e48aca71325
   httpd-devel-2.2.6-13.x86_64.rpm
       153912 3538ff11c0bb049c388d7824b033c899
   httpd-manual-2.2.6-13.x86_64.rpm
       859120 e9c7a5c39beaa9e8fd4d0a67085b4710
   mod_ssl-2.2.6-13.x86_64.rpm
        90024 53ae30f66575c251f8933af45aa2b051

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/httpd-2.2.6-13.src.rpm
      4789364 66de8dd0c4188d445fe939f39dbf9ad5

   Binary Packages
   Size: MD5

   httpd-2.2.6-13.i686.rpm
      1176319 6a61f78a5a13e2e76f0e3b891c207e9b
   httpd-devel-2.2.6-13.i686.rpm
       153384 86b3458ff793c1cb0c479e3f90e86b62
   httpd-manual-2.2.6-13.i686.rpm
       859874 239d6246e7e10965ced00d0fc60790c6
   mod_ssl-2.2.6-13.i686.rpm
        85628 ab3c1de4132ac089c5f1a3fa22fabd32


 References:

 CVE
   [CVE-2009-1890]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
   [CVE-2009-1891]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891

 --------------------------------------------------------------------------
 Revision History
    14 Jul 2009 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2009 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAkpcGf8ACgkQK0LzjOqIJMz8lwCgq4L6xTE3MYqeTJFA2DTPqoS3
tJUAn34o8xDzrlltwhaTVBDC1rxLuJl/
=30wA
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.