[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2009:124 -- Mandriva apache

ID: oval:org.secpod.oval:def:300637Date: (C)2012-01-07   (M)2017-10-04
Class: PATCHFamily: unix




Multiple vulnerabilities has been found and corrected in apache: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm . Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway . Cross-site scripting vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI . Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring Options Includes, Options +Includes, or Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file . This update provides fixes for these vulnerabilities.

Platform:
Mandriva Linux 2009.0
Mandriva Linux 2009.1
Mandriva Linux 2008.1
Product:
apache
Reference:
MDVSA-2009:124
CVE-2009-1195
CVE-2008-2939
CVE-2008-1678
CVE    3
CVE-2008-1678
CVE-2008-2939
CVE-2009-1195
CPE    8
cpe:/o:mandriva:linux:2008.1
cpe:/o:mandriva:linux:2009.0
cpe:/o:novell:opensuse:10.3
cpe:/o:novell:opensuse:10.2
...

© 2013 SecPod Technologies