/[advisories]/10097.adv
ViewVC logotype

Annotation of /10097.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 45 - (hide annotations) (download)
Wed Jun 19 00:05:15 2013 UTC (7 years, 6 months ago) by davidwhodgins
File size: 957 byte(s)
Add advisory for bug 10097
1 davidwhodgins 45 type: security
2     subject: Updated apache packages fix security vulnerabilities
3     CVE:
4     - CVE-2013-1862
5     - PR54893
6     src:
7     2:
8     core:
9     - apache-2.2.24-1.1.mga2
10     description: |
11     It was found that mod_rewrite did not filter terminal escape sequences from
12     its log file. If mod_rewrite was configured with the RewriteLog directive,
13     a remote attacker could use specially-crafted HTTP requests to inject
14     terminal escape sequences into the mod_rewrite log file. If a victim viewed
15     the log file with a terminal emulator, it could result in arbitrary command
16     execution with the privileges of that user (CVE-2013-1862).
17    
18     A buffer overflow when reading digest password file with very long lines in
19     htdigest (PR54893)
20     references:
21     - https://bugs.mageia.org/show_bug.cgi?id=10097
22     - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
23     - https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
24     - https://rhn.redhat.com/errata/RHSA-2013-0815.html
25    

  ViewVC Help
Powered by ViewVC 1.1.28