GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Oct 30, 2017 12:26 am Post subject: [ GLSA 201710-32 ] Apache |
 |
|
Gentoo Linux Security Advisory
Title: Apache: Multiple vulnerabilities (GLSA 201710-32)
Severity: normal
Exploitable: remote
Date: 2017-10-29
Bug(s): #622240, #624868, #631308
ID: 201710-32
Synopsis
Multiple vulnerabilities have been found in Apache, the worst of
which may result in the loss of secrets.
Background
The Apache HTTP server is one of the most popular web servers on the
Internet.
Affected Packages
Package: www-servers/apache
Vulnerable: < 2.4.27-r1
Unaffected: >= 2.4.27-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Apache. Please review
the referenced CVE identifiers for details.
Impact
The Optionsbleed vulnerability can leak arbitrary memory from the server
process that may contain secrets. Additionally attackers may cause a
Denial of Service condition, bypass authentication, or cause information
loss.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.27-r1"
|
References
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
CVE-2017-9789
CVE-2017-9798
Last edited by GLSA on Mon Jan 15, 2018 4:16 am; edited 1 time in total |
|
News & Announcements
