apache2: security and bugfixes
apache2 was updated to fix:
- fix for cross site scripting vulnerability in mod_balancer. This is
CVE-2012-4558 [bnc#807152]
- fixes for low profile cross site scripting vulnerabilities,
known as CVE-2012-3499 [bnc#806458]
- Escape filename for the case that uploads are allowed with untrusted
user's control over filenames and mod_negotiation enabled on the
same directory. CVE-2012-2687 [bnc#777260]
And also these bugs:
- httpd-2.2.x-bnc798733-SNI_ignorecase.diff: ignore case when
checking against SNI server names. [bnc#798733]
-
Submitted by
Roman Drahtmueller (draht)
Fixed bugs
bnc#777260
VUL-1: CVE-2012-2687: apache2: mod_negotiation Cross-Site Scripting (XSS)
bnc#806458
VUL-1: CVE-2012-3499: apache2: multiple XSS flaws due to unescaped hostnames
bnc#798733
SSL module does not do the case insensitive URI comparison
bnc#807152
VUL-1: CVE-2012-4558: apache2: XSS in mod_proxy_balancer
