SUSE-SU-2020:14266-1

Опубликовано: 09 янв. 2020

Источник: suse-cvrf

Описание

Security update for apache2-mod_perl

This update for apache2-mod_perl fixes the following issues:

CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

apache2-mod_perl-2.0.4-40.63.3.3

SUSE Linux Enterprise Server 11 SP4-LTSS

apache2-mod_perl-2.0.4-40.63.3.3

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-202014266-1/
Link for SUSE-SU-2020:14266-1
https://www.suse.com/support/update/announcement/2020/suse-su-202014266-1.html
E-Mail link for SUSE-SU-2020:14266-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1156944
SUSE Bug 1156944
https://www.suse.com/security/cve/CVE-2011-2767/
SUSE CVE CVE-2011-2767 page

Описание

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

Затронутые продукты

SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_perl-2.0.4-40.63.3.3

SUSE Linux Enterprise Server 11 SP4-LTSS:apache2-mod_perl-2.0.4-40.63.3.3

Ссылки

https://www.suse.com/security/cve/CVE-2011-2767.html
CVE-2011-2767
https://bugzilla.suse.com/1156944
SUSE Bug 1156944

SUSE-SU-2020:14266-1

Описание

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

SUSE Linux Enterprise Server 11 SP4-LTSS

Ссылки

Уязвимость: CVE-2011-2767

Описание

Затронутые продукты

Ссылки