SuSE 11.1 Security Update : Apache (SAT Patch Number 5090)
High Nessus Plugin ID 57088
The remote SuSE 11 host is missing one or more security updates.
This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192) It also fixes a issue in mod_dav, where the (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x allowed remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) Also following bugs were fixed : - recommend the default MPM (prefork) via Recommends: in .spec - apache not sending error 304 if mod_deflate is enabled. - take LimitRequestFieldsize config option into account when parsing headers from backend.