| Description: | Summary:
The remote host is missing an update for the 'Apache2' package(s) announced via the SUSE-SU-2013:1381-1 advisory.
Vulnerability Insight:
This collective update for Apache provides the following fixes:
*
Make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2)
returns 0 and errno is set to -EAGAIN). (bnc#815621)
*
Close the connection just before an attempted re-negotiation if data has been read with pipelining. This is done by resetting the keepalive status. (bnc#815621)
*
Reset the renegotiation status of a clientserver connection to RENEG_INIT to prevent falsely assumed status.
(bnc#791794)
*
'OPTIONS *' internal requests are intercepted by a dummy filter that kicks in for the OPTIONS method. Apple iPrint uses 'OPTIONS *' to upgrade the connection to TLS/1.0 following RFC 2817. For compatibility, check if an Upgrade request header is present and skip the filter if yes. (bnc#791794)
*
Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. (bnc#829056,
CVE-2013-1896)
*
Client data written to the RewriteLog must have terminal escape sequences escaped. (bnc#829057,
CVE-2013-1862)
Security Issue references:
* CVE-2013-1896
>
* CVE-2013-1862
>
Affected Software/OS:
'Apache2' package(s) on SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP2, SUSE Linux Enterprise Software Development Kit 11-SP3.
Solution:
Please install the updated package(s).
CVSS Score:
5.1
CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
