LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CVE-2008-1678 CVE-2008-2364 CVE-2007-6420
Created:July 10, 2008 Updated:March 2, 2010
Description: The Apache has three vulnerabilities. From the Gentoo alert:

Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678).

Ryujiro Shibuya reported that the ap_proxy_http_process_response() function in the mod_proxy module does not limit the number of forwarded interim responses (CVE-2008-2364).

sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420).

Alerts:
Mandriva MDVSA-2010:022 2010-01-21
Mandriva MDVSA-2009:323 2009-12-07
Slackware SSA:2010-060-02 2010-03-02
Mandriva MDVSA-2009:124-1 2009-07-08
Mandriva MDVSA-2009:124 2009-05-31
CentOS CESA-2009:1075 2009-05-28
Red Hat RHSA-2009:1075-01 2009-05-27
SuSE SUSE-SR:2009:007 2009-03-24
Ubuntu USN-731-1 2009-03-10
Red Hat RHSA-2008:0966-02 2008-12-04
Mandriva MDVSA-2008:237 2008-12-04
rPath rPSA-2008-0328-1 2008-11-22
CentOS CESA-2008:0967 2008-11-11
Red Hat RHSA-2008:0967-01 2008-11-11
SuSE SUSE-SR:2008:024 2008-11-07
Mandriva MDVSA-2008:195 2007-09-13
Fedora FEDORA-2008-6393 2008-08-07
Fedora FEDORA-2008-6314 2008-08-07
rPath rPSA-2008-0236-1 2008-07-28
Gentoo 200807-06 2008-07-09
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds