IBM Support

IBM HTTP Server interim fix for PK91361

Downloadable files


Abstract

IBM HTTP Server interim fix for CVE-2009-0023, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, and CVE-2009-1890 (7.0 only).

Download Description

This interim fix resolves the following:

ERROR DESCRIPTION:
CVE-2009-0023 - Underflow in apr_strmatch_precompile
CVE-2009-1956 - apr_brigade_vprintf off-by-one overflow vulnerability
CVE-2009-1955 - apr_xml_* interface DoS vulnerability
CVE-2009-1891 - mod_deflate DoS vulnerability
CVE-2009-1890 - mod_proxy_http 100% CPU DoS (7.0 versions only)

LOCAL FIX:
None

PROBLEM SUMMARY

USERS AFFECTED:
Users of IBM HTTP Server 6.0.2, 6.1, and 7.0

PROBLEM DESCRIPTION:
Fixes for vulnerabilities.

RECOMMENDATION:
We recommend installing this interim fix on at least 6.0.2.35, 6.1.0.25, or 7.0.0.5.

Platforms where IBM HTTP Server provides 32-bit binaries on the 64-bit supplement CD should use the corresponding 32-bit fix, even though they would normally require the '64-bit' cumulative fix.

PROBLEM CONCLUSION:
The fixes for all of these will be included in the following releases:
- 7.0.0.7
- 6.1.0.29
- 6.0.2.39

Only the fixes for CVE-2009-0023, CVE-2009-1956, and CVE-2009-1955 will be in:
- 6.1.0.27
- 6.0.2.37

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL       LANGUAGE      SIZE(Bytes)
Readme    US English    5744

Download package


Download                 RELEASE DATE   LANGUAGE     SIZE(Bytes)   Download Options
7.0.0.3 AixPPC32         7/31/2009      US English   356252        FTP
7.0.0.3 HpuxIA64         7/31/2009      US English   1076889       FTP
7.0.0.3 HpuxPaRISC       7/31/2009      US English   437884        FTP
7.0.0.3 LinuxPPC32       7/31/2009      US English   317154        FTP
7.0.0.3 LinuxS390        7/31/2009      US English   326832        FTP
7.0.0.3 LinuxX32         7/31/2009      US English   294732        FTP
7.0.0.3 SolarisSparc     7/31/2009      US English   606816        FTP
7.0.0.3 SolarisX64       7/31/2009      US English   315586        FTP
7.0.0.3 WinX32           7/31/2009      US English   1621379       FTP
6.1.0.23 AixPPC32        7/31/2009      US English   366463        FTP
6.1.0.23 HpuxIA64        7/31/2009      US English   1175583       FTP
6.1.0.23 HpuxPaRISC      7/31/2009      US English   449994        FTP
6.1.0.23 LinuxPPC32      7/31/2009      US English   336951        FTP
6.1.0.23 LinuxS390       7/31/2009      US English   333512        FTP
6.1.0.23 LinuxX32        7/31/2009      US English   307650        FTP
6.1.0.23 SolarisSparc    7/31/2009      US English   1160006       FTP
6.1.0.23 SolarisX64      7/31/2009      US English   330894        FTP
6.1.0.23 WinX32          7/31/2009      US English   1174623       FTP
6.0.2.33 AixPPC32        7/31/2009      US English   365508        FTP
6.0.2.33 HpuxIA64        7/31/2009      US English   1174585       FTP
6.0.2.33 HpuxPaRISC      7/31/2009      US English   448514        FTP
6.0.2.33 LinuxPPC32      7/31/2009      US English   335955        FTP
6.0.2.33 LinuxS390       7/31/2009      US English   332522        FTP
6.0.2.33 LinuxX32        7/31/2009      US English   306653        FTP
6.0.2.33 SolarisSparc    7/31/2009      US English   1159039       FTP
6.0.2.33 SolarisX64      7/31/2009      US English   329895        FTP
6.0.2.33 WinX32          7/31/2009      US English   1151675       FTP

Technical support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the IBM HTTP Server Support Web site (http://www.ibm.com/software/webservers/httpservers/support/), or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PK91361

Document information

More support for: IBM HTTP Server
Base Server

Software version: 6.0.2.33, 6.0.2.35, 6.0.2.37, 6.1.0.23, 6.1.0.25, 7.0.0.3, 7.0.0.5

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Software edition: Edition Independent

Reference #: 4023947

Modified date: 08 September 2009

