[Security-team] CVE-2006-3747

Slava Semushin php-coder at ngs.ru
Fri Jul 28 08:04:26 MSD 2006


    Hello!

    I saw that FreeBSD is patching Apache and decided to forward it here --
    in case someone is interested in the fix but is not aware that such a
    vulnerability exists.

    Just in case, I also added the apache and apache2 maintainers to CC --
    in case someone is not subscribed to this list, and so that the message
    does not get lost.

    2mike@: the patch for 1.3.36 is available here:
    http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/www/apache13/files/patch-CVE-2006-3747?rev=1.1&content-type=text/plain

    2solo@: FreeBSD already has 2.0.58. The patch for that version is available here:
    http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/www/apache20/files/patch-secfix-CVE-2006-3747?rev=1.1&content-type=text/plain


----- Forwarded message from Clement Laforet <clement at FreeBSD.org> -----

Subject: cvs commit: ports/www/apache13-modperl Makefile
 ports/www/apache13-modperl/files
 patch-secfix-CVE-2006-3747 ports/www/apache13-ssl Makefile
 ports/www/apache13-ssl/files patch-secfix-CVE-2006-3747 ports/www/apache20
 Makefile ports/www/apache20/files patch-secfix-CVE-2006-3747 ...
From: Clement Laforet <clement at FreeBSD.org>
To: ports-committers at FreeBSD.org, cvs-ports at FreeBSD.org,
	cvs-all at FreeBSD.org
Cc: 
Date: Thu, 27 Jul 2006 20:26:29 +0000 (UTC)

clement     2006-07-27 20:26:29 UTC

  FreeBSD ports repository

  Modified files:
    www/apache13-modperl Makefile 
    www/apache13-ssl     Makefile 
    www/apache20         Makefile 
    www/apache21         Makefile 
    www/apache22         Makefile 
  Added files:
    www/apache13-modperl/files patch-secfix-CVE-2006-3747 
    www/apache13-ssl/files patch-secfix-CVE-2006-3747 
    www/apache20/files   patch-secfix-CVE-2006-3747 
    www/apache21/files   patch-secfix-CVE-2006-3747 
    www/apache22/files   patch-secfix-CVE-2006-3747 
  Log:
  - Fix security issue in mod_rewrite.
  All people using mod_rewrite are strongly encouraged to update.
  
  An off-by-one flaw exists in the Rewrite module, mod_rewrite.
  Depending on the manner in which Apache httpd was compiled, this
  software defect may result in a vulnerability which, in combination
  with certain types of Rewrite rules in the web server configuration
  files, could be triggered remotely.  For vulnerable builds, the nature
  of the vulnerability can be denial of service (crashing of web server
  processes) or potentially allow arbitrary code execution.
  This issue has been rated as having important security impact
  by the Apache HTTP Server Security Team.
  
  Updates to latest versions will follow soon.
  
  Notified by:    so@ (simon)
  Obtained from:  Apache Security Team
  Security:       CVE-2006-3747
  
  Revision  Changes    Path
  1.15      +1 -0      ports/www/apache13-modperl/Makefile
  1.1       +13 -0     ports/www/apache13-modperl/files/patch-secfix-CVE-2006-3747 (new)
  1.119     +1 -1      ports/www/apache13-ssl/Makefile
  1.1       +13 -0     ports/www/apache13-ssl/files/patch-secfix-CVE-2006-3747 (new)
  1.241     +1 -1      ports/www/apache20/Makefile
  1.1       +13 -0     ports/www/apache20/files/patch-secfix-CVE-2006-3747 (new)
  1.186     +1 -1      ports/www/apache21/Makefile
  1.1       +13 -0     ports/www/apache21/files/patch-secfix-CVE-2006-3747 (new)
  1.195     +1 -0      ports/www/apache22/Makefile
  1.1       +13 -0     ports/www/apache22/files/patch-secfix-CVE-2006-3747 (new)
_______________________________________________
cvs-ports at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-ports
To unsubscribe, send any mail to "cvs-ports-unsubscribe at freebsd.org"

----- End forwarded message -----

-- 
+ Slava Semushin | php-coder @ ngs.ru
+ ALT Linux Team | php-coder @ altlinux.ru
+ Expand QA Team | vsemushin @ swsoft.com



