[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite

Launchpad Bug Tracker 811422 at bugs.launchpad.net
Thu Feb 16 19:36:18 UTC 2012


This bug was fixed in the package apache2 - 2.2.16-1ubuntu3.5

---------------
apache2 (2.2.16-1ubuntu3.5) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Tue, 14 Feb 2012 10:11:29 -0500

** Changed in: apache2 (Ubuntu Lucid)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/811422

Title:
  Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer
  overwrite
