Security release needed for 2.0

Fri, 09 Sep 2005 02:22:28 -0700 

We've a few security issues fixed recently that haven't made it out into 
releases from the ASF, but have made it out into releases from the various 
OS vendors.  One issue is "important" severity, and public now for 10 
days.

I don't watch this list much, are there other things holding up a release?  
If so we ought to consider doing a 2.0.55 with just fixes for these issues
over 2.0.54:

CAN-2005-2700 important: SSLVerifyClient bypass

        A flaw in the mod_ssl handling of the "SSLVerifyClient"  
        directive. This flaw would occur if a virtual host has been
        configured using "SSLVerifyClient optional" and further a
        directive "SSLVerifyClient required" is set for a specific
        location.  For servers configured in this fashion, an attacker may
        be able to access resources that should otherwise be protected, by
        not supplying a client certificate when connecting.
        public=20050830
        [*** needs committing]

CAN-2005-2728 moderate: Byterange filter DoS

        A flaw in the byterange filter would cause some responses to be
        buffered into memory. If a server has a dynamic resource such as a
        CGI script or PHP script which generates a large amount of data,
        an attacker could send carefully crafted requests in order to
        consume resources, potentially leading to a Denial of Service.
        public=20050707
        [committed]

CAN-2005-2088 moderate: HTTP Request Spoofing

        A flaw occured when using the Apache server as a HTTP proxy. A
        remote attacker could send a HTTP request with both a
        "Transfer-Encoding:  chunked" header and a Content-Length header,
        causing Apache to incorrectly handle and forward the body of the
        request in a way that causes the receiving server to process it as
        a separate HTTP request.  This could allow the bypass of web
        application firewall protection or lead to cross-site scripting
        (XSS) attacks.
        public=20050611
        [committed]

CAN-2005-1268 low: Malicious CRL off-by-one

        An off-by-one stack overflow was discovered in the mod_ssl CRL
        verification callback. In order to exploit this issue the Apache
        server would need to be configured to use a malicious certificate
        revocation list (CRL)
        public=200506085~
        [committed]

CAN-2005-2491 low: PCRE overflow

        An integer overflow flaw was found in PCRE, a Perl-compatible
        regular expression library included within httpd.  A local user
        who has the ability to create .htaccess files could create a
        maliciously crafted regular expression in such as way that they
        could gain the privileges of a httpd child.
        public=20050801
        [*** needs committing]

Reply via email to