Overview Details Repositories Revisions Requests Users Attributes Meta
update for apache2

This apache2 update fixes the following security issues:

- fix for crash in mod_proxy processing specially crafted requests with
reverse proxy configurations that results in a crash and a DoS
condition for the server. CVE-2014-0117
- new config option CGIDScriptTimeout set to 60s in new file
conf.d/cgid-timeout.conf, preventing worker processes hanging forever
if a cgi launched from them has stopped reading input from the server
(DoS). CVE-2014-0231
- Fix for a NULL pointer dereference in mod_cache that causes a crash in
caching forwarding configurations, resulting in a DoS condition.
CVE-2013-4352
- fix for crash in parsing cookie content, resulting in a DoS against
the server CVE-2014-0098
- fix for mod_status race condition in scoreboard handling and
consecutive heap overflow and information disclosure if access to
mod_status is granted to a potential attacker. CVE-2014-0226
- fix for improper handling of whitespace characters from CDATA sections
to mod_dav, leading to a crash and a DoS condition of the apache
server process CVE-2013-6438

Fixed bugs
CVE-CVE-2013-6438
CVE-CVE-2014-0098
CVE-CVE-2014-0226
CVE-CVE-2014-0231
CVE-CVE-2013-4352
CVE-CVE-2014-0117
bnc#869105
VUL-1: CVE-2013-6438: apache2: mod_dav denial of service
bnc#869106
VUL-1: CVE-2014-0098: apache2: log_cookie mod_log_config.c remote denial of service
bnc#887765
VUL-0: CVE-2014-0226: apache2: mod_status heap-based buffer overflow
bnc#887768
VUL-0: CVE-2014-0231: apache2: mod_cgid denial of service
bnc#887771
VUL-0: CVE-2013-4352: apache2: mod_cache crash
bnc#887767
VUL-0: CVE-2014-0117: apache2: mod_proxy denial of service
Selected Binaries
openSUSE Build Service is sponsored by
Places