[apache2 0005142]: Security issues

Mantis Bug Tracker via bug-notifications bug-notifications at lists.opencsw.org
Mon Feb 3 17:06:51 CET 2014


The following issue requires your FEEDBACK. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=5142 
====================================================================== 
Reported By:                burger99
Assigned To:                dam
====================================================================== 
Project:                    apache2
Issue ID:                   5142
Category:                   upgrade
Reproducibility:            N/A
Severity:                   minor
Priority:                   normal
Status:                     feedback
====================================================================== 
Date Submitted:             2014-01-20 13:00 CET
Last Modified:              2014-02-03 17:06 CET
====================================================================== 
Summary:                    Security issues
Description: 
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x
before 2.2.25 writes data to a log file without sanitizing non-printable
characters, which might allow remote attackers to execute arbitrary
commands via an HTTP request containing an escape sequence for a terminal
emulator.

Newest version available is 2.2.26
====================================================================== 

---------------------------------------------------------------------- 
 (0010697) dam (administrator) - 2014-02-03 17:06
 https://www.opencsw.org/mantis/view.php?id=5142#c10697 
---------------------------------------------------------------------- 
I made an experimental package which will show up soon here:
http://buildfarm.opencsw.org/experimental.html#apache-2.2.26
Please give it a try and let me know if you are happy with it.



More information about the bug-notifications mailing list