Skip to Content.
Sympa Menu

perfsonar-announce - [perfsonar-announce] Important apache security update

Subject: perfSONAR Announcements

List archive

[perfsonar-announce] Important apache security update


Chronological Thread 
  • From: Andrew Lake <>
  • To: "" <>,
  • Subject: [perfsonar-announce] Important apache security update
  • Date: Wed, 20 Jul 2016 13:03:57 -0700

All,

An important CVE has been announced regarding the Apache web server package and we recommend users update as soon as possible. Details from RedHat, Debian, and Ubuntu can be found below:


It does NOT appear that perfSONAR is directly affected by this issue. The vulnerability affects apache web servers running CGI scripts in certain languages. Perl (which is the language perfSONAR uses in its CGI scripts) does not appear to be affected, but in order to exercise maximum caution we wanted to make people aware of the issue and suggest they update. For languages that are affected, the attacker can set a proxy in the HTTP header of a request and force the host to forward information to remote server of the attackers choosing. 

If you are running auto-updates, you likely already have the fix. Otherwise running “yum update httpd” on CentOS/RedHat or "apt-get update && apt-get upgrade apache2" on Debian/Ubuntu should resolve the issue (no restarts required). Please let us know if you have any questions.

Thank you,
The perfSONAR Development Team



  • [perfsonar-announce] Important apache security update, Andrew Lake, 07/20/2016

Archive powered by MHonArc 2.6.19.

Top of Page