GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Oct 06, 2016 5:26 pm Post subject: [ GLSA 201610-02 ] Apache |
 |
|
Gentoo Linux Security Advisory
Title: Apache: Multiple vulnerabilities (GLSA 201610-02)
Severity: normal
Exploitable: remote
Date: October 06, 2016
Updated: October 13, 2016
Bug(s): #524680, #536684, #554948, #557198, #583276, #588138
ID: 201610-02
Synopsis
Multiple vulnerabilities have been found in Apache, the worst of
which could allow HTTP request smuggling attacks or a Denial of Service
condition.
Background
Apache HTTP Server is one of the most popular web servers on the
Internet.
Affected Packages
Package: www-servers/apache
Vulnerable: < 2.4.23
Unaffected: >= 2.2.31 < 2.2.32
Unaffected: >= 2.4.23
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Apache HTTP Server.
Please review the CVE identifiers referenced below for details.
Impact
Remote attackers could bypass intended access restrictions, conduct HTTP
request smuggling attacks, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.23"
|
References
CVE-2014-3581
CVE-2015-3183
CVE-2016-1546
CVE-2016-4979
Last edited by GLSA on Fri Oct 14, 2016 4:17 am; edited 1 time in total |
|
News & Announcements
