- httpd-2.2.10-CVE-2012-0031.patch:
scoreboard.c might allow local users to cause a denial of service
(daemon crash during shutdown) or possibly have unspecified other
impact by modifying a certain type field within a scoreboard shared
memory segment, leading to an invalid call to the free function.
(upstream r1231058, CVE-2012-0031, bnc#741243)
- httpd-2.2.10-CVE-2012-0053.patch:
protocol.c does not properly restrict header information during
construction of Bad Request (aka 400) error documents, which allows
remote attackers to obtain the values of HTTPOnly cookies via
vectors involving a (1) long or (2) malformed header in conjunction
with crafted web script.
(upstream r1235454, CVE-2012-0053, bnc#743743)
- httpd-2.2.x-bnc738855-CVE-2007-6750-mod_reqtimeout-*
apache2-mod_reqtimeout.conf:
backport mod_reqtimeout module from 2.2.21 to help against slowloris
DoS attack eating up request slots by submitting the request very
slowly
(CVE-2007-6750, bnc#738855)