[arch-security] [ASA-201707-15] apache: multiple issues
Remi Gacogne
rgacogne at archlinux.org
Fri Jul 14 19:26:55 UTC 2017
Arch Linux Security Advisory ASA-201707-15
==========================================
Severity: Critical
Date : 2017-07-14
CVE-ID : CVE-2017-9788 CVE-2017-9789
Package : apache
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-350
Summary
=======
The package apache before version 2.4.27-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.
Resolution
==========
Upgrade to 2.4.27-1.
# pacman -Syu "apache>=2.4.27-1"
The problems have been fixed upstream in version 2.4.27.
Workaround
==========
None.
Description
===========
- CVE-2017-9788 (information disclosure)
A security issue has been found in apache's mod_auth_digest <= 2.4.26,
leading to information disclosure or denial of service. The value
placeholder in [Proxy-]Authorization headers of type 'Digest' was not
initialized or reset before or between successive key=value assignments
by mod_auth_digest. Providing an initial key with no '=' assignment
could reflect the stale value of uninitialized pool memory used by the
prior request, leading to leakage of potentially confidential
information, and a segfault.
- CVE-2017-9789 (arbitrary code execution)
A security issue has been found in apache's mod_http2 <= 2.4.26. When
under stress, closing many connections, the HTTP/2 handling code would
sometimes access memory after it has been freed, resulting in
potentially erratic behaviour.
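The stale-placeholder pattern described for CVE-2017-9788 above, as an added toy illustration that is not Apache's mod_auth_digest code: a Python parser whose value placeholder persists across requests (an attribute standing in for reused pool memory) beside one that resets it before every assignment and rejects a parameter with no '='. The header values REQ1 and REQ2 are constructed.

```python
# Added toy illustration, not Apache's code; REQ1/REQ2 are constructed input.

def _split_params(header):
    # Parameters after the 'Digest' scheme token (toy split, no quoted commas).
    rest = header.partition(" ")[2]
    return [p.strip() for p in rest.split(",") if p.strip()]

class DigestParserStale:
    # Flawed: _value is initialised once and never reset between requests.
    def __init__(self):
        self._value = None
    def parse(self, header):
        params = {}
        for item in _split_params(header):
            key, sep, raw = item.partition("=")
            if sep:
                self._value = raw.strip().strip('"')
            # No '=': the key receives whatever the last assignment left.
            params[key.strip()] = self._value
        return params

class DigestParserReset:
    # Hardened: reset the placeholder per parameter and reject a missing '='.
    def parse(self, header):
        params = {}
        for item in _split_params(header):
            value = None
            key, sep, raw = item.partition("=")
            if sep:
                value = raw.strip().strip('"')
            if value is None:
                raise ValueError(f"Digest parameter without '=': {item!r}")
            params[key.strip()] = value
        return params

# Constructed requests: a well-formed header, then one whose first parameter carries no '='.
REQ1 = 'Digest username="alice", realm="example", nonce="n1"'
REQ2 = 'Digest stale, username="bob", realm="example"'

def demo_stale():
    # Flawed parser over two successive requests: REQ2's assignment-less
    # key comes back holding REQ1's nonce.
    parser = DigestParserStale()
    parser.parse(REQ1)
    return parser.parse(REQ2)["stale"]

def demo_reset_rejects():
    # The hardened parser refuses REQ2 instead of returning stale data.
    try:
        DigestParserReset().parse(REQ2)
    except ValueError:
        return True
    return False
```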
Impact
======
A remote attacker could access sensitive information if mod_auth_digest
is enabled, or be able to execute arbitrary code on the affected host
if mod_http2 is enabled.
References
==========
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.archlinux.org/CVE-2017-9788
https://security.archlinux.org/CVE-2017-9789