Overview

File _patchinfo of Package patchinfo.import5520

<patchinfo incident="apache2" version="5520">
  <issue tracker="bnc" id="722545" />
  <issue tracker="bnc" id="729181" />
  <issue tracker="CVE" id="CVE-2011-3368" />
  <issue tracker="CVE" id="CVE-2011-4317" />
  <issue tracker="CVE" id="CVE-2011-3607" />
  <category>security</category>
  <rating>low</rating>
  <summary>apache2 security update</summary>
  <description>This update fixes several security issues in the Apache2
webserver.

CVE-2011-3368, CVE-2011-4317: This update also includes
several fixes for a mod_proxy reverse exposure via
RewriteRule or ProxyPassMatch directives.

CVE-2011-3607: Integer overflow in ap_pregsub function
resulting in a heap based buffer overflow could potentially
allow local attackers to gain privileges

In addition to that the following changes were made: 

- new template file:
  /etc/apache2/vhosts.d/vhost-ssl.template allow TLSv1
  only, browser match stuff commented out.
- rc script /etc/init.d/apache2: handle reload with deleted
  binaries by message to stdout only, but refrain from
  sending signals.
</description>
  <packager>adrianSuSE</packager>
</patchinfo>
openSUSE Build Service is sponsored by
Places