/[advisories]/10097.adv
ViewVC logotype

Contents of /10097.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 54 - (show annotations) (download)
Wed Jun 19 10:11:38 2013 UTC (4 years, 5 months ago) by boklm
File size: 903 byte(s)
MGASA-2013-0174
1 type: security
2 subject: Updated apache packages fix security vulnerabilities
3 CVE:
4 - CVE-2013-1862
5 src:
6 2:
7 core:
8 - apache-2.2.24-1.1.mga2
9 description: |
10 It was found that mod_rewrite did not filter terminal escape sequences from
11 its log file. If mod_rewrite was configured with the RewriteLog directive,
12 a remote attacker could use specially-crafted HTTP requests to inject
13 terminal escape sequences into the mod_rewrite log file. If a victim viewed
14 the log file with a terminal emulator, it could result in arbitrary command
15 execution with the privileges of that user (CVE-2013-1862).
16
17 A buffer overflow when reading digest password file with very long lines in
18 htdigest (PR54893)
19 references:
20 - https://bugs.mageia.org/show_bug.cgi?id=10097
21 - https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
22 - https://rhn.redhat.com/errata/RHSA-2013-0815.html
23
24 ID: MGASA-2013-0174

  ViewVC Help
Powered by ViewVC 1.1.26