apache2: several vulnerabilities (CVE-2015-3183, CVE-2015-3185)
The chunked transfer coding implementation in the Apache HTTP Server
before
2.4.14 does not properly parse chunk headers, which allows remote
attackers
to conduct HTTP request smuggling attacks via a crafted request, related
to
mishandling of large chunk-size values and invalid chunk-extension
characters in modules/http/http_filters.c.
Apache HTTP Server 2.4.16 release fixes the following issue:
*) SECURITY: CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters.
Apache HTTP Server 2.4.16 release fixes the following issue:
*) SECURITY: CVE-2015-3185 (cve.mitre.org)
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook.
References:
http://httpd.apache.org/security/vulnerabilities\_24.html\#2.4.16
https://www.apache.org/dist/httpd/Announcement2.4.txt
https://www.apache.org/dist/httpd/CHANGES\_2.4.16
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-3185
https://security-tracker.debian.org/tracker/CVE-2015-3183
Upstream commits:
https://svn.apache.org/viewvc?view=revision&revision=1684525
(from redmine: issue id 4722, created on 2015-10-02, closed on 2015-10-16)
- Relations:
- blocks #4728 (closed)
- child #4723 (closed)
- child #4724 (closed)
- child #4725 (closed)
- child #4726 (closed)
- Changesets:
- Revision b785b5f3 by Natanael Copa on 2015-10-15T09:23:32Z:
main/apache2: security upgrade to 2.4.16 (CVE-2015-3183,CVE-2015-3185)
ref #4722
fixes #4723
- Revision db992fcd by Natanael Copa on 2015-10-15T09:34:05Z:
main/apache2: security upgrade to 2.4.16 (CVE-2015-3183,CVE-2015-3185)
ref #4722
fixes #4724
- Revision b1db3455 by Natanael Copa on 2015-10-15T09:37:00Z:
main/apache2: security upgrade to 2.4.16 (CVE-2015-3183,CVE-2015-3185)
ref #4722
fixes #4725
- Revision 7a5b508e by Natanael Copa on 2015-10-15T11:02:40Z:
main/apache2: security upgrade to 2.4.16 (CVE-2015-3183,CVE-2015-3185)
ref #4722
fixes #4726