email@example.com
firstname.lastname@example.org
openSUSE-SU-2013:0248-1: moderate: update for apache2
Tue, 5 Feb 2013 19:04:36 +0100 (CET)
openSUSE Security Update: update for apache2
Announcement ID: openSUSE-SU-2013:0248-1
An update that contains security fixes can now be installed.
- ignore case when checking against SNI server names.
- better cleanup of busy count after recovering from
ff: backend timeouts should not affect the entire worker.
- httpd-2.2.x-envvars.diff obsoletes
httpd-2.0.54-envvars.dif: Fix for low profile bug
CVE-2012-0883 about improper LD_LIBRARY_PATH handling.
_xss.diff Escape filename for the case that uploads are
allowed with untrusted user's control over filenames and
mod_negotiation enabled on the same directory.
reworked to reflect the upstream changes. This will
prevent the "Invalid URI in request OPTIONS *" messages
in the error log. [bnc#722545]
- /etc/init.d/apache2: new argument "check-reload". Exits 1
if httpd2 runs on deleted binaries such as after package
update, else 0. This is used by equally modified
/etc/logrotate.d/apache2, which uses "/etc/init.d/apache2
check-reload" in its prerotate script. These changes
prevent httpd2 from being (gracefully) reloaded by
logrotate, executed by cron, if new binaries have been
installed. Instead, a warning is printed on stdout and
logged to syslog. If this happens, Apache's
logs are NOT rotated, and the running processes are left
untouched. This limits the maximum damage of log rotation
to unrotated logs. "/etc/init.d/apache2 restart" (or
"rcapache2 restart") must be executed manually in such a
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2013-17
To bring your system up-to-date, use "zypper patch".
- openSUSE 11.4 (i586 x86_64):
- openSUSE 11.4 (noarch):
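
The "check-reload" behaviour described in the changelog above (exit 1 when httpd runs on a deleted binary, else 0) is sketched here as an added example; it is not the openSUSE init script. It assumes the Linux convention that `/proc/PID/exe` resolves to a path ending in ` (deleted)` once the binary has been unlinked, and the function names and the `PROC_ROOT` override are hypothetical.

```sh
#!/bin/sh
# Added illustration, not the openSUSE /etc/init.d/apache2 code.
# PROC_ROOT is a hypothetical override so the check can be pointed at a
# constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Succeeds (status 0) if the executable of PID $1 has been unlinked.
# Assumption: Linux reports such a binary as "<path> (deleted)" when
# /proc/PID/exe is read with readlink. A missing or unreadable entry is
# treated as "not deleted".
exe_is_deleted() {
    target=$(readlink "$PROC_ROOT/$1/exe" 2>/dev/null) || return 1
    case "$target" in
        *" (deleted)") return 0 ;;
        *) return 1 ;;
    esac
}

# Same convention as the changelog entry: status 1 if any of the given
# PIDs runs on a deleted binary, else 0.
check_reload() {
    for pid in "$@"; do
        if exe_is_deleted "$pid"; then
            return 1
        fi
    done
    return 0
}

# prerotate-style gate: status 0 means a graceful reload is safe. Otherwise
# a warning goes to stdout and the caller must skip rotation and reload,
# leaving the running processes untouched until a manual restart.
prerotate_gate() {
    if check_reload "$@"; then
        return 0
    fi
    echo "WARNING: httpd runs on deleted binaries; logs NOT rotated," \
         "restart the service manually"
    return 1
}
```

Pass the server's PIDs (for example, read from its pid file) to `prerotate_gate` before rotating logs.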