advisories/10097.adv

type: security
subject: Updated apache packages fix security vulnerabilities
CVE:
 - CVE-2013-1862
src:
  2:
   core:
     - apache-2.2.24-1.1.mga2
description: |
  It was found that mod_rewrite did not filter terminal escape sequences from
  its log file. If mod_rewrite was configured with the RewriteLog directive,
  a remote attacker could use specially-crafted HTTP requests to inject
  terminal escape sequences into the mod_rewrite log file. If a victim viewed
  the log file with a terminal emulator, it could result in arbitrary command
  execution with the privileges of that user (CVE-2013-1862).

  A buffer overflow when reading digest password file with very long lines in
  htdigest (PR54893)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10097
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
 - https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
 - https://rhn.redhat.com/errata/RHSA-2013-0815.html

1	type: security
2	subject: Updated apache packages fix security vulnerabilities
3	CVE:
4	- CVE-2013-1862
5	src:
6	2:
7	core:
8	- apache-2.2.24-1.1.mga2
9	description: \|
10	It was found that mod_rewrite did not filter terminal escape sequences from
11	its log file. If mod_rewrite was configured with the RewriteLog directive,
12	a remote attacker could use specially-crafted HTTP requests to inject
13	terminal escape sequences into the mod_rewrite log file. If a victim viewed
14	the log file with a terminal emulator, it could result in arbitrary command
15	execution with the privileges of that user (CVE-2013-1862).
16
17	A buffer overflow when reading digest password file with very long lines in
18	htdigest (PR54893)
19	references:
20	- https://bugs.mageia.org/show_bug.cgi?id=10097
21	- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
22	- https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
23	- https://rhn.redhat.com/errata/RHSA-2013-0815.html
24