Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2009-1075

Опубликовано: 27 мая 2009
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2009-1075: httpd security update (MODERATE)

[2.2.3-22.0.1.el5_3.1]

  • Replace index.html with oracle's index page oracle_index.html
  • Update vstring and distro in specfile

[2.2.3-22.el5_3.1]

  • add security fixes for CVE-2008-1678, CVE-2009-1195 (#499284)

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

httpd

2.2.3-22.0.1.el5_3.1

httpd-devel

2.2.3-22.0.1.el5_3.1

httpd-manual

2.2.3-22.0.1.el5_3.1

mod_ssl

2.2.3-22.0.1.el5_3.1

Oracle Linux i386

httpd

2.2.3-22.0.1.el5_3.1

httpd-devel

2.2.3-22.0.1.el5_3.1

httpd-manual

2.2.3-22.0.1.el5_3.1

mod_ssl

2.2.3-22.0.1.el5_3.1

Связанные CVE

CVE-2008-1678
CVE-2009-1195

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2009-1195

ubuntu
около 16 лет назад

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

redhat логотип

CVE-2009-1195

redhat
около 16 лет назад

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

nvd логотип

CVE-2009-1195

nvd
около 16 лет назад

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

debian логотип

CVE-2009-1195

debian
около 16 лет назад

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not proper ...

ubuntu логотип

CVE-2008-1678

ubuntu
почти 17 лет назад

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.