From Mageia wiki
MGASA-2012-0231
Date: | August 21st, 2012 |
Affected releases: | 1, 2 |
Description:
Updated apache-mod_authnz_external package fixes security vulnerability:
SQL injection vulnerability in mysql/mysql-auth.pl in the
mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server
allows remote attackers to execute arbitrary SQL commands via the user
field (CVE-2011-2688).
Updated Packages:
Mageia 1:
apache-mod_authnz_external-3.2.5-3.1.mga1
Mageia 2:
apache-mod_authnz_external-3.2.5-5.2.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2688
http://www.debian.org/security/2011/dsa-2279
https://bugs.mageia.org/show_bug.cgi?id=7064