/[advisories]/10097.adv
ViewVC logotype

Contents of /10097.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 45 - (show annotations) (download)
Wed Jun 19 00:05:15 2013 UTC (7 years, 6 months ago) by davidwhodgins
File size: 957 byte(s)
Add advisory for bug 10097
1 type: security
2 subject: Updated apache packages fix security vulnerabilities
3 CVE:
4 - CVE-2013-1862
5 - PR54893
6 src:
7 2:
8 core:
9 - apache-2.2.24-1.1.mga2
10 description: |
11 It was found that mod_rewrite did not filter terminal escape sequences from
12 its log file. If mod_rewrite was configured with the RewriteLog directive,
13 a remote attacker could use specially-crafted HTTP requests to inject
14 terminal escape sequences into the mod_rewrite log file. If a victim viewed
15 the log file with a terminal emulator, it could result in arbitrary command
16 execution with the privileges of that user (CVE-2013-1862).
17
18 A buffer overflow when reading digest password file with very long lines in
19 htdigest (PR54893)
20 references:
21 - https://bugs.mageia.org/show_bug.cgi?id=10097
22 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
23 - https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
24 - https://rhn.redhat.com/errata/RHSA-2013-0815.html
25

  ViewVC Help
Powered by ViewVC 1.1.28