/[advisories]/10097.adv
ViewVC logotype

Contents of /10097.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 51 - (show annotations) (download)
Wed Jun 19 10:02:47 2013 UTC (7 years, 7 months ago) by boklm
File size: 946 byte(s)
10097: remove CVE which is not a CVE
1 type: security
2 subject: Updated apache packages fix security vulnerabilities
3 CVE:
4 - CVE-2013-1862
5 src:
6 2:
7 core:
8 - apache-2.2.24-1.1.mga2
9 description: |
10 It was found that mod_rewrite did not filter terminal escape sequences from
11 its log file. If mod_rewrite was configured with the RewriteLog directive,
12 a remote attacker could use specially-crafted HTTP requests to inject
13 terminal escape sequences into the mod_rewrite log file. If a victim viewed
14 the log file with a terminal emulator, it could result in arbitrary command
15 execution with the privileges of that user (CVE-2013-1862).
16
17 A buffer overflow when reading digest password file with very long lines in
18 htdigest (PR54893)
19 references:
20 - https://bugs.mageia.org/show_bug.cgi?id=10097
21 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
22 - https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
23 - https://rhn.redhat.com/errata/RHSA-2013-0815.html
24

  ViewVC Help
Powered by ViewVC 1.1.28