Reference: CERT-EU Security Advisory 2012-0109

Title: Apache 'mod-rpaf' Module Denial of Service Vulnerability [1]

Version history:
23.08.2012 Initial publication

Summary
================
The Apache 'mod-rpaf' module is prone to a denial-of-service vulnerability. [1]

Vulnerable systems
==================
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

Original Details
================
A single request makes Apache segfault. It can eventually kill all Apache
processes (they become zombies). There is a bug in version 0.5 of mod_rpaf,
but the IPv6 patch that was applied by Debian exposes Apache to segfaults
under specific crafted requests. [2]

What can you do?
================
Updates are available. [3,4]

What to tell your users?
========================
N/A

More information
================
[1] http://www.securityfocus.com/bid/55154/discuss
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683984
[3] http://www.apache.org/
[4] http://www.debian.org/security/2012/dsa-2532

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html