Overview Details Repositories Revisions Requests Users Attributes Meta
update for apache2

- ignore case when checking against SNI server names. [bnc#798733]
httpd-2.2.x-bnc798733-SNI_ignorecase.diff
- better cleanup of busy count after recovering from failure
[bnc#789828] httpd-2.2.x-bnc789828-mod_balancer.diff
- httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff:
backend timeouts should not affect the entire worker. [bnc#788121]
- httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif:
Fix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH
handling. [bnc#757710]
- httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff
Escape filename for the case that uploads are allowed with untrusted
user's control over filenames and mod_negotiation enabled on the
same directory. CVE-2012-2687 [bnc#777260]
- httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to
reflect the upstream changes. This will prevent the "Invalid URI in
request OPTIONS *" messages in the error log. [bnc#722545]

Fixed bugs
bnc#788121
CVE-2012-4557: apache2: Denial of Service via special requests (mod_proxy_ajp)
bnc#798733
SSL module does not do the case insensitive URI comparison
bnc#789828
Bybusyness does not balance after failed worker has recovered
bnc#757710
CVE-2012-0883: apache2: insecure LD_LIBRARY_PATH handling
bnc#777260
CVE-2012-2687: apache2: mod_negotiation Cross-Site Scripting (XSS)
bnc#722545
apache2: mod_proxy reverse proxy exposure
CVE-CVE-2011-4317
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches
CVE-CVE-2012-2687
CVE-CVE-2011-3368
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which a
CVE-CVE-2012-0883
CVE-CVE-2012-4557
Selected Binaries
openSUSE Build Service is sponsored by
Places