SUSE-SU-2013:0387-1: Security update for apache2
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Mar 4 14:04:24 MST 2013
SUSE Security Update: Security update for apache2
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:0387-1
Rating: low
References: #722545 #757710 #777260
Cross-References: CVE-2012-0883 CVE-2012-2687
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update fixes the following security issues with
apache2 httpd:
* Improper LD_LIBRARY_PATH handling (CVE-2012-0883
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
> )
* Filename escaping problem (CVE-2012-2687
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
> )
Additionally, some non-security bugs have been fixed as
enumerated in the changelog of the RPM.
Indications:
Everyone using apache2 httpd should update.
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
apache2-2.2.3-16.46.1
apache2-devel-2.2.3-16.46.1
apache2-doc-2.2.3-16.46.1
apache2-example-pages-2.2.3-16.46.1
apache2-prefork-2.2.3-16.46.1
apache2-worker-2.2.3-16.46.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
apache2-2.2.3-16.46.1
apache2-devel-2.2.3-16.46.1
apache2-doc-2.2.3-16.46.1
apache2-example-pages-2.2.3-16.46.1
apache2-prefork-2.2.3-16.46.1
apache2-worker-2.2.3-16.46.1
References:
http://support.novell.com/security/cve/CVE-2012-0883.html
http://support.novell.com/security/cve/CVE-2012-2687.html
https://bugzilla.novell.com/722545
https://bugzilla.novell.com/757710
https://bugzilla.novell.com/777260
http://download.novell.com/patch/finder/?keywords=f43eb058005728c7f0f35af643e86652
More information about the sle-security-updates
mailing list