[Technik] [SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities

[Noèl Köthe]

Am Montag, den 04.09.2006, 16:08 +0100 schrieb Steve Kemp:

> Debian Security Advisory DSA 1167-1                    security at debian.org
> http://www.debian.org/security/                                 Steve Kemp
> September 4th, 2005                     http://www.debian.org/security/faq
> 
> Package        : apache
> Vulnerability  : missing input sanitising 
> Problem-Type   : remote
> Debian-specific: no 
> CVE ID         : CVE-2006-3918 CVE-2005-3352
> Debian Bug     : 381381 343466

apache auf pima, pomo, yuma, cusa, h01, h02, h03, wasco und cupa
aktualisiert. Leider gab es beim Updaten wegen der benötigten restartes
minutenlange Ausfälle. Dafür möchten wir uns entschuldigen.

> For the stable distribution (sarge) these problems have been fixed in
> version 1.3.33-6sarge3.

changelog:
apache (1.3.33-6sarge3) stable-security; urgency=high

  * Non-maintainer upload by The Security Team.
  * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue
    affecting the use of the Expect header. [CVE-2006-391]
  * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when
    using Referer headers in mod_imap.  [CVE02005-3352]

 -- Steve Kemp <skx at debian.org>  Sun,  27 Aug 2006 17:29:42 +0000


-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20060906/8c17c5ee/attachment.pgp