MGASA-2012-0280
Date: October 6th, 2012
Affected releases: 1, 2
Description:
Updated apache packages fix security vulnerabilities:
Insecure handling of LD_LIBRARY_PATH was found that could cause
the current working directory to be searched for DSOs. This could
allow a local user to execute code as root if an administrator runs
apachectl from an untrusted directory (CVE-2012-0883).
Possible XSS for sites which use mod_negotiation and allow untrusted
uploads to locations which have MultiViews enabled (CVE-2012-2687).
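The LD_LIBRARY_PATH issue (CVE-2012-0883) as a shell sketch, added here as an illustration and not taken from the advisory or from Apache's own scripts: an empty element in the colon-separated list makes the dynamic loader search the current working directory, so a script that prepends unconditionally onto an empty variable leaves a trailing colon. The function names and the /usr/lib and /opt/lib values are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.

# Return 0 if a colon-separated library path contains an empty element
# (leading colon, trailing colon, or "::"), which the loader reads as
# "the current working directory".
has_empty_entry() {
    case "$1" in
        "")          return 1 ;;  # unset or empty: nothing to check
        :*|*:|*::*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# Unsafe pattern: unconditional prepend. With an empty old value the
# result ends in ":" and so contains an empty element.
unsafe_prepend() {   # $1 = directory to add, $2 = existing value
    printf '%s\n' "$1:$2"
}

# Hardened pattern: add a separator only before non-empty elements, which
# also drops empty elements already present in the inherited value.
# The body runs in a subshell so the IFS and noglob changes do not leak.
safe_prepend() (
    result=$1
    IFS=:
    set -f
    for entry in $2; do
        if [ -n "$entry" ]; then result="$result:$entry"; fi
    done
    printf '%s\n' "$result"
)

# Constructed sample values for the inherited LD_LIBRARY_PATH.
for old in "" "/opt/lib" ":/opt/lib"; do
    for new in "$(unsafe_prepend /usr/lib "$old")" "$(safe_prepend /usr/lib "$old")"; do
        if has_empty_entry "$new"; then verdict="searches cwd"; else verdict="ok"; fi
        printf '%-22s %s\n' "$new" "$verdict"
    done
done
```

The same `has_empty_entry` check can be applied to the environment of a running service or to wrapper scripts that export LD_LIBRARY_PATH before starting a daemon.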
Updated Packages:
Mageia 1:
apache-base-2.2.23-1.mga1
apache-conf-2.2.23-1.mga1
apache-devel-2.2.23-1.mga1
apache-doc-2.2.23-1.mga1
apache-htcacheclean-2.2.23-1.mga1
apache-mod_authn_dbd-2.2.23-1.mga1
apache-mod_cache-2.2.23-1.mga1
apache-mod_dav-2.2.23-1.mga1
apache-mod_dbd-2.2.23-1.mga1
apache-mod_deflate-2.2.23-1.mga1
apache-mod_disk_cache-2.2.23-1.mga1
apache-mod_file_cache-2.2.23-1.mga1
apache-mod_ldap-2.2.23-1.mga1
apache-mod_mem_cache-2.2.23-1.mga1
apache-mod_proxy-2.2.23-1.mga1
apache-mod_proxy_ajp-2.2.23-1.mga1
apache-mod_proxy_scgi-2.2.23-1.mga1
apache-mod_reqtimeout-2.2.23-1.mga1
apache-mod_ssl-2.2.23-1.mga1
apache-mod_suexec-2.2.23-1.mga1
apache-modules-2.2.23-1.mga1
apache-mod_userdir-2.2.23-1.mga1
apache-mpm-event-2.2.23-1.mga1
apache-mpm-itk-2.2.23-1.mga1
apache-mpm-peruser-2.2.23-1.mga1
apache-mpm-prefork-2.2.23-1.mga1
apache-mpm-worker-2.2.23-1.mga1
apache-source-2.2.23-1.mga1
Mageia 2:
apache-2.2.23-1.mga2
apache-devel-2.2.23-1.mga2
apache-doc-2.2.23-1.mga2
apache-htcacheclean-2.2.23-1.mga2
apache-mod_authn_dbd-2.2.23-1.mga2
apache-mod_cache-2.2.23-1.mga2
apache-mod_dav-2.2.23-1.mga2
apache-mod_dbd-2.2.23-1.mga2
apache-mod_deflate-2.2.23-1.mga2
apache-mod_disk_cache-2.2.23-1.mga2
apache-mod_file_cache-2.2.23-1.mga2
apache-mod_ldap-2.2.23-1.mga2
apache-mod_mem_cache-2.2.23-1.mga2
apache-mod_proxy-2.2.23-1.mga2
apache-mod_proxy_ajp-2.2.23-1.mga2
apache-mod_proxy_scgi-2.2.23-1.mga2
apache-mod_reqtimeout-2.2.23-1.mga2
apache-mod_ssl-2.2.23-1.mga2
apache-mod_suexec-2.2.23-1.mga2
apache-mod_userdir-2.2.23-1.mga2
apache-mpm-event-2.2.23-1.mga2
apache-mpm-itk-2.2.23-1.mga2
apache-mpm-peruser-2.2.23-1.mga2
apache-mpm-prefork-2.2.23-1.mga2
apache-mpm-worker-2.2.23-1.mga2
apache-source-2.2.23-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://httpd.apache.org/dev/dist/Announcement2.2.html
http://www.apache.org/dist/httpd/CHANGES_2.2.23
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:154
https://bugs.mageia.org/show_bug.cgi?id=7316