IBM Support

IBM HTTP Server interim fix for PK91361

Download


Abstract

IBM HTTP Server interim fix for CVE-2009-0023, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, and CVE-2009-1890 (7.0 only).

Download Description

This interim fix resolves the following:

ERROR DESCRIPTION:
CVE-2009-0023 - Underflow in apr_strmatch_precompile
CVE-2009-1956 - apr_brigade_vprintf off-by-one overflow vulnerability
CVE-2009-1955 - apr_xml_* interface DoS vulnerability
CVE-2009-1891 - mod_deflate DoS vulnerability
CVE-2009-1890 - mod_proxy_http 100% CPU DoS (7.0 versions only)

LOCAL FIX:
None

PROBLEM SUMMARY

USERS AFFECTED:
Users of IBM HTTP Server 6.0.2, 6.1, and 7.0

PROBLEM DESCRIPTION:
Fixes for vulnerabilities.

RECOMMENDATION:
We recommend installing this interim fix on at least 6.0.2.35, 6.1.0.25, or 7.0.0.5.

Platforms where IBM HTTP Server provides 32-bit binaries on the 64-bit supplement CD should use the corresponding 32-bit fix, even though they would normally require the '64-bit' cumulative fix.

PROBLEM CONCLUSION:
The fixes for all of these will be included in the following releases:
- 7.0.0.7
- 6.1.0.29
- 6.0.2.39

Only the fixes for CVE-2009-0023, CVE-2009-1956, and CVE-2009-1955 will be in:
- 6.1.0.27
- 6.0.2.37

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

Readme (US English, size 5744): ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/readme.txt
Download | Release date | Language | Size | Platform | URL
7.0.0.3 AixPPC32 | 7/31/2009 | US English | 356252 | AIX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-AixPPC32-IFPK91361.pak
7.0.0.3 HpuxIA64 | 7/31/2009 | US English | 1076889 | HP-UX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-HpuxIA64-IFPK91361.pak
7.0.0.3 HpuxPaRISC | 7/31/2009 | US English | 437884 | HP-UX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-HpuxPaRISC-IFPK91361.pak
7.0.0.3 LinuxPPC32 | 7/31/2009 | US English | 317154 | Linux pSeries | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-LinuxPPC32-IFPK91361.pak
7.0.0.3 LinuxS390 | 7/31/2009 | US English | 326832 | Linux zSeries | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-LinuxS390-IFPK91361.pak
7.0.0.3 LinuxX32 | 7/31/2009 | US English | 294732 | Linux | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-LinuxX32-IFPK91361.pak
7.0.0.3 SolarisSparc | 7/31/2009 | US English | 606816 | Solaris | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-SolarisSparc-IFPK91361.pak
7.0.0.3 SolarisX64 | 7/31/2009 | US English | 315586 | Solaris | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-SolarisX64-IFPK91361.pak
7.0.0.3 WinX32 | 7/31/2009 | US English | 1621379 | Windows | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/7.0.0.3-WS-WASIHS-WinX32-IFPK91361.pak
6.1.0.23 AixPPC32 | 7/31/2009 | US English | 366463 | AIX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-AixPPC32-IFPK91361.pak
6.1.0.23 HpuxIA64 | 7/31/2009 | US English | 1175583 | HP-UX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-HpuxIA64-IFPK91361.pak
6.1.0.23 HpuxPaRISC | 7/31/2009 | US English | 449994 | HP-UX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-HpuxPaRISC-IFPK91361.pak
6.1.0.23 LinuxPPC32 | 7/31/2009 | US English | 336951 | Linux pSeries | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-LinuxPPC32-IFPK91361.pak
6.1.0.23 LinuxS390 | 7/31/2009 | US English | 333512 | Linux zSeries | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-LinuxS390-IFPK91361.pak
6.1.0.23 LinuxX32 | 7/31/2009 | US English | 307650 | Linux | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-LinuxX32-IFPK91361.pak
6.1.0.23 SolarisSparc | 7/31/2009 | US English | 1160006 | Solaris | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-SolarisSparc-IFPK91361.pak
6.1.0.23 SolarisX64 | 7/31/2009 | US English | 330894 | Solaris | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-SolarisX64-IFPK91361.pak
6.1.0.23 WinX32 | 7/31/2009 | US English | 1174623 | Windows | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.1.0.23-WS-WASIHS-WinX32-IFPK91361.pak
6.0.2.33 AixPPC32 | 7/31/2009 | US English | 365508 | AIX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-AixPPC32-IFPK91361.pak
6.0.2.33 HpuxIA64 | 7/31/2009 | US English | 1174585 | HP-UX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-HpuxIA64-IFPK91361.pak
6.0.2.33 HpuxPaRISC | 7/31/2009 | US English | 448514 | HP-UX | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-HpuxPaRISC-IFPK91361.pak
6.0.2.33 LinuxPPC32 | 7/31/2009 | US English | 335955 | Linux pSeries | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-LinuxPPC32-IFPK91361.pak
6.0.2.33 LinuxS390 | 7/31/2009 | US English | 332522 | Linux zSeries | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-LinuxS390-IFPK91361.pak
6.0.2.33 LinuxX32 | 7/31/2009 | US English | 306653 | Linux | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-LinuxX32-IFPK91361.pak
6.0.2.33- SolarisSparc | 7/31/2009 | US English | 1159039 | Solaris | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-SolarisSparc-IFPK91361.pak
6.0.2.33 SolarisX64 | 7/31/2009 | US English | 329895 | Solaris | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-SolarisX64-IFPK91361.pak
6.0.2.33 WinX32 | 7/31/2009 | US English | 1151675 | Windows | ftp://public.dhe.ibm.com/software/websphere/ihs/support/fixes/PK91361/6.0.2.33-WS-WASIHS-WinX32-IFPK91361.pak

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the IBM HTTP Server Support Web site (http://www.ibm.com/software/webservers/httpservers/support/), or contact 1-800-IBM-SERV (U.S. only).

Product: IBM HTTP Server
Business Unit: IBM Software w/o TPS
Component: Base Server
Platform: AIX, HP-UX, Linux, Solaris, Windows
Version: 7.0.0.5; 7.0.0.3; 6.1.0.25; 6.1.0.23; 6.0.2.37; 6.0.2.35; 6.0.2.33
Edition: Edition Independent
Line of Business: Automation

Document Information

Modified date:
07 September 2022

UID

swg24023947