It was found in httpd that mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
References:
  https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E
External References:
  https://httpd.apache.org/security/vulnerabilities_24.html
  https://httpd.apache.org/security/vulnerabilities_22.html
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1463208]
Upstream commit:
  2.4: https://github.com/apache/httpd/commit/398f3ddeb1ceb8ba710eadf7036a36a41e0e769a
  2.2: https://github.com/apache/httpd/commit/0b97b9f7438e3f3444a3eaf320eb545d39059f46
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2478
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2479
This issue has been addressed in the following products:
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
Via RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2483
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Extended Update Support Via RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3193
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Via RHSA-2017:3195 https://access.redhat.com/errata/RHSA-2017:3195
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Extended Update Support Via RHSA-2017:3194 https://access.redhat.com/errata/RHSA-2017:3194
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3475
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3476
This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2017:3477
This vulnerability is out of security support scope for the following product:
  * Red Hat Enterprise Application Platform 5
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.