DSA-2989-1 apache2 -- apache2ID: oval:org.secpod.oval:def:601725 | Date: (C)2014-08-01 (M)2024-02-19 |
Class: PATCH | Family: unix |
Several security issues were found in the Apache HTTP server. CVE-2014-0118 The DEFLATE input filter in mod_deflate allows remote attackers to cause a denial of service via crafted request data that decompresses to a much larger size. CVE-2014-0226 A race condition was found in mod_status. An attacker able to access a public server status page on a server could send carefully crafted requests which could lead to a heap buffer overflow, causing denial of service, disclosure of sensitive information, or potentially the execution of arbitrary code. CVE-2014-0231 A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.