/[advisories]/10097.adv
ViewVC logotype

Annotation of /10097.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 54 - (hide annotations) (download)
Wed Jun 19 10:11:38 2013 UTC (7 years, 7 months ago) by boklm
File size: 903 byte(s)
MGASA-2013-0174
1 davidwhodgins 45 type: security
2     subject: Updated apache packages fix security vulnerabilities
3     CVE:
4     - CVE-2013-1862
5     src:
6     2:
7     core:
8     - apache-2.2.24-1.1.mga2
9     description: |
10     It was found that mod_rewrite did not filter terminal escape sequences from
11     its log file. If mod_rewrite was configured with the RewriteLog directive,
12     a remote attacker could use specially-crafted HTTP requests to inject
13     terminal escape sequences into the mod_rewrite log file. If a victim viewed
14     the log file with a terminal emulator, it could result in arbitrary command
15     execution with the privileges of that user (CVE-2013-1862).
16    
17     A buffer overflow when reading digest password file with very long lines in
18     htdigest (PR54893)
19     references:
20     - https://bugs.mageia.org/show_bug.cgi?id=10097
21     - https://issues.apache.org/bugzilla/show_bug.cgi?id=54893
22     - https://rhn.redhat.com/errata/RHSA-2013-0815.html
23    
24 boklm 54 ID: MGASA-2013-0174

  ViewVC Help
Powered by ViewVC 1.1.28