MGASA-2013-0231
- Source
- https://advisories.mageia.org/MGASA-2013-0231.html
- Import Source
- https://advisories.mageia.org/MGASA-2013-0231.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2013-0231
- Related
- Published
- 2013-07-26T11:36:22Z
- Modified
- 2013-07-26T11:36:17Z
- Summary
- Updated apache packages fix security vulnerabilities
- Details
-
Updated apache packages fix security vulnerabilities:
moddav.c in the Apache HTTP Server before 2.4.6 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the moddav_svn module, but a certain href attribute in XML data refers to a non-DAV URI (CVE-2013-1896).
An unspecified error in Apache HTTP Server within the modsessiondbd module related to the handling of the dirty flag during saving of the sessions has an unknown impact and remote attack vector (CVE-2013-2249).
Also, a minor issue causing httpd to not be restarted when installing or upgrading certain web applications, as well as an issue with the web application configuration files when upgrading from Mageia 2, both due to the moving of web applications configuration files to the /etc/httpd/conf/sites.d directory in Mageia 3, have been corrected.
- References
-
- https://advisories.mageia.org/MGASA-2013-0231.html
- http://www.apache.org/dist/httpd/CHANGES_2.4
- http://xforce.iss.net/xforce/xfdb/85871
- http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:193/
- https://bugs.mageia.org/show_bug.cgi?id=10178
- https://bugs.mageia.org/show_bug.cgi?id=10275
- https://bugs.mageia.org/show_bug.cgi?id=10756
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / apache
Package
- Name
- apache
- Purl
- pkg:rpm/mageia/apache?distro=mageia-3