Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2013:7409

Overview

Id SUSE-2013:7409
Name Novell SUSE 2013:7409 apache2 security update for SLES 11 SP2 i586
Vendor Name novell
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 25 Feb 2013 12:00:00

SUSE-2013:7409

Novell SUSE 2013:7409 apache2 security update for SLES 11 SP2 i586

Vendor Name

novell

Product

None

Released On

25 Feb 2013 12:00:00

Url

http://www.novell.com/support/search.do?usemicrosite=true&searchString=faf6f499f41597d750ce0aecd251ed2e

Description

LSAC(v2)
This update fixes the following issues: * CVE-2012-4557: Denial of Service via special requests in mod_proxy_ajp * CVE-2012-0883: improper LD_LIBRARY_PATH handling * CVE-2012-2687: filename escaping problem Additionally, some non-security bugs have been fixed: * ignore case when checking against SNI server names. [bnc#798733] * httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the "Invalid URI in request OPTIONS *" messages in the error log. [bnc#722545] * new sysconfig variable APACHE_DISABLE_SSL_COMPRESSION; if set to on, OPENSSL_NO_DEFAULT_ZLIB will be inherited to the apache process; openssl will then transparently disable compression. This change affects start script and sysconfig fillup template. Default is on, SSL compression disabled. Please see mod_deflate for compressed transfer at http layer. [bnc#782956] Security Issue references: * CVE-2012-4557 * CVE-2012-2687 * CVE-2012-0883 * CVE-2012-0021

Related Resources

Related Vulnerabilities

CVE-2012-0021   CVE-2012-2687  

Related Patches

Superseded Patches

None


Last Updated: 27 May 2016 11:16:42