SuSE 11.2 / 11.3 Security Update : Apache2 (SAT Patch Numbers 8137 / 8138)
Medium Nessus Plugin ID 69474
SynopsisThe remote SuSE 11 host is missing one or more security updates.
DescriptionThis collective update for Apache provides the following fixes :
- Make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2) returns 0 and errno is set to -EAGAIN).
- Close the connection just before an attempted re-negotiation if data has been read with pipelining.
This is done by resetting the keepalive status.
- Reset the renegotiation status of a client<->server connection to RENEG_INIT to prevent falsely assumed status. (bnc#791794)
- 'OPTIONS *' internal requests are intercepted by a dummy filter that kicks in for the OPTIONS method. Apple iPrint uses 'OPTIONS *' to upgrade the connection to TLS/1.0 following RFC 2817. For compatibility, check if an Upgrade request header is present and skip the filter if yes. (bnc#791794)
- Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. (bnc#829056, CVE-2013-1896)
- Client data written to the RewriteLog must have terminal escape sequences escaped. (bnc#829057, CVE-2013-1862)
SolutionApply SAT patch number 8137 / 8138 as appropriate.