SUSE-SU-2013:0648-2: moderate: Security update for Apache

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon May 27 09:05:18 MDT 2013 

   SUSE Security Update: Security update for Apache
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0648-2
Rating:             moderate
References:         #806458 #807152 
Cross-References:   CVE-2012-3499 CVE-2012-4558
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:


   Apache2 has been updated to fix multiple security issues:

   This update fixes the following issues:

   *

   CVE-2012-4558: Multiple cross-site scripting (XSS)
   vulnerabilities in the balancer_handler function in the
   manager interface in mod_proxy_balancer.c in the
   mod_proxy_balancer module in the Apache HTTP Server
   potentially allowed remote attackers to inject arbitrary
   web script or HTML via a crafted string.

   *

   CVE-2012-3499: Multiple cross-site scripting (XSS)
   vulnerabilities in the Apache HTTP Server allowed remote
   attackers to inject arbitrary web script or HTML via
   vectors involving hostnames and URIs in the (1)
   mod_imagemap, (2) mod_info, (3) mod_ldap, (4)
   mod_proxy_ftp, and (5) mod_status modules.

   Security Issue references:

   * CVE-2012-3499
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
   >
   * CVE-2012-4558
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
   >



Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      apache2-2.2.3-16.32.47.1
      apache2-devel-2.2.3-16.32.47.1
      apache2-doc-2.2.3-16.32.47.1
      apache2-example-pages-2.2.3-16.32.47.1
      apache2-prefork-2.2.3-16.32.47.1
      apache2-worker-2.2.3-16.32.47.1


References:

   http://support.novell.com/security/cve/CVE-2012-3499.html
   http://support.novell.com/security/cve/CVE-2012-4558.html
   https://bugzilla.novell.com/806458
   https://bugzilla.novell.com/807152
   http://download.novell.com/patch/finder/?keywords=db2ce8dd6eaaf22f8adf423716a58826

More information about the sle-security-updates mailing list