openSUSE-SU-2012:0314-1 -- Suse apache2ID: oval:org.secpod.oval:def:400422 | Date: (C)2012-12-31 (M)2022-09-15 |
Class: PATCH | Family: unix |
This update of apache2 fixes regressions and several security problems: bnc#728876, fix graceful reload bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption by child causes crash of privileged parent during shutdown. bnc#743743, CVE-2012-0053: Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400". bnc#738855, CVE-2007-6750: The "mod_reqtimeout" module was backported from Apache 2.2.21 to help mitigate the "Slowloris" Denial of Service attack. You need to enable the "mod_reqtimeout" module in your existing apache configuration to make it effective, e.g. in the APACHE_MODULES line in /etc/sysconfig/apache2.