Overview

File _patchinfo of Package patchinfo.import5347

<patchinfo incident="apache2" version="5347">
  <issue tracker="bnc" id="713966" />
  <issue tracker="bnc" id="719236" />
  <issue tracker="bnc" id="722545" />
  <issue tracker="CVE" id="CVE-2011-3192" />
  <category>security</category>
  <rating>low</rating>
  <summary>apache2: Fixed several security issues</summary>
  <description>This update fixes several security issues in the Apache
webserver.

The patch for the ByteRange remote denial of service attack
(CVE-2011-3192) was refined and the configuration options
used by upstream were added. Introduce new config option:
Allow MaxRanges Number of ranges requested, if exceeded,
the complete content is served. default: 200 0|unlimited:
unlimited none: Range headers are ignored. This option is a
backport from 2.2.21.

Also fixed: CVE-2011-3348: Denial of service in proxy_ajp
when using a undefined method.

CVE-2011-3368: Exposure of internal servers via reverse
proxy methods with mod_proxy enabled and incorrect Rewrite
or Proxy Rules.
</description>
  <packager>adrianSuSE</packager>
</patchinfo>
openSUSE Build Service is sponsored by
Places