[apache2 0005142]: Security issues
Mantis Bug Tracker via bug-notifications
bug-notifications at lists.opencsw.org
Mon Feb 3 17:06:51 CET 2014
The following issue requires your FEEDBACK.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5142
======================================================================
Reported By: burger99
Assigned To: dam
======================================================================
Project: apache2
Issue ID: 5142
Category: upgrade
Reproducibility: N/A
Severity: minor
Priority: normal
Status: feedback
======================================================================
Date Submitted: 2014-01-20 13:00 CET
Last Modified: 2014-02-03 17:06 CET
======================================================================
Summary: Security issues
Description:
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x
before 2.2.25 writes data to a log file without sanitizing non-printable
characters, which might allow remote attackers to execute arbitrary
commands via an HTTP request containing an escape sequence for a terminal
emulator.
Newest version available is 2.2.26
======================================================================
----------------------------------------------------------------------
(0010697) dam (administrator) - 2014-02-03 17:06
https://www.opencsw.org/mantis/view.php?id=5142#c10697
----------------------------------------------------------------------
I made an experimental package which will show up soon here:
http://buildfarm.opencsw.org/experimental.html#apache-2.2.26
Please give it a try and let me know if you are happy with it.
More information about the bug-notifications
mailing list