|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0174 (apache)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0174: Updated apache packages fix
 security vulnerabilities 


Date:
    	      Wed, 19 Jun 2013 12:11:42 +0200


Message-ID:
    	      <20130619101142.E734641653@valstar.mageia.org>



MGASA-2013-0174 - Updated apache packages fix security vulnerabilities

Publication date: 19 Jun 2013
URL: http://advisories.mageia.org/MGASA-2013-0174.html
Type: security
Affected Mageia releases: 2
CVE: CVE-2013-1862

Description:
It was found that mod_rewrite did not filter terminal escape sequences from
its log file. If mod_rewrite was configured with the RewriteLog directive,
a remote attacker could use specially-crafted HTTP requests to inject
terminal escape sequences into the mod_rewrite log file. If a victim viewed
the log file with a terminal emulator, it could result in arbitrary command
execution with the privileges of that user (CVE-2013-1862).

A buffer overflow when reading digest password file with very long lines in
htdigest (PR54893)

References:
- https://bugs.mageia.org/show_bug.cgi?id=10097
- https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
- https://rhn.redhat.com/errata/RHSA-2013-0815.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862

SRPMS:
- 2/core/apache-2.2.24-1.1.mga2
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds