[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite

Launchpad Bug Tracker 811422 at bugs.launchpad.net
Thu Feb 16 19:36:18 UTC 2012

This bug was fixed in the package apache2 - 2.2.16-1ubuntu3.5

apache2 (2.2.16-1ubuntu3.5) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
    - CVE-2012-0053
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Tue, 14 Feb 2012 10:11:29 -0500

** Changed in: apache2 (Ubuntu Lucid)
       Status: Confirmed => Fix Released

You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.

  Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer

To manage notifications about this bug go to:

More information about the Ubuntu-server-bugs mailing list