forked from pool/apache2
update to 2.2.22
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=358
This commit is contained in:
committed by
Git OBS Bridge
parent
120b388e44
commit
61c26886ee
@@ -1,3 +1,49 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Feb 18 16:24:35 UTC 2012 - poeml@cmdline.net
|
||||
|
||||
- update to 2.2.22
|
||||
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
|
||||
Reject requests where the request-URI does not match the HTTP
|
||||
specification, preventing unexpected expansion of target URLs in
|
||||
some reverse proxy configurations.
|
||||
*) SECURITY: CVE-2011-3607 (cve.mitre.org)
|
||||
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
|
||||
is enabled, could allow local users to gain privileges via a .htaccess
|
||||
file.
|
||||
*) SECURITY: CVE-2011-4317 (cve.mitre.org)
|
||||
Resolve additional cases of URL rewriting with ProxyPassMatch or
|
||||
RewriteRule, where particular request-URIs could result in undesired
|
||||
backend network exposure in some configurations.
|
||||
*) SECURITY: CVE-2012-0021 (cve.mitre.org)
|
||||
mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
|
||||
string is in use and a client sends a nameless, valueless cookie, causing
|
||||
a denial of service. The issue existed since version 2.2.17. PR 52256.
|
||||
*) SECURITY: CVE-2012-0031 (cve.mitre.org)
|
||||
Fix scoreboard issue which could allow an unprivileged child process
|
||||
could cause the parent to crash at shutdown rather than terminate
|
||||
cleanly.
|
||||
*) SECURITY: CVE-2012-0053 (cve.mitre.org)
|
||||
Fix an issue in error responses that could expose "httpOnly" cookies
|
||||
when no custom ErrorDocument is specified for status code 400.
|
||||
*) mod_proxy_ajp: Try to prevent a single long request from marking a worker
|
||||
in error.
|
||||
*) config: Update the default mod_ssl configuration: Disable SSLv2, only
|
||||
allow >= 128bit ciphers, add commented example for speed optimized cipher
|
||||
list, limit MSIE workaround to MSIE <= 5.
|
||||
*) core: Fix segfault in ap_send_interim_response(). PR 52315.
|
||||
*) mod_log_config: Prevent segfault. PR 50861.
|
||||
*) mod_win32: Invert logic for env var UTF-8 fixing.
|
||||
Now we exclude a list of vars which we know for sure they dont hold UTF-8
|
||||
chars; all other vars will be fixed. This has the benefit that now also
|
||||
all vars from 3rd-party modules will be fixed. PR 13029 / 34985.
|
||||
*) core: Fix hook sorting for Perl modules, a regression introduced in
|
||||
2.2.21. PR: 45076.
|
||||
*) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
|
||||
A range of '0-' will now return 206 instead of 200. PR 51878.
|
||||
*) Example configuration: Fix entry for MaxRanges (use "unlimited" instead
|
||||
of "0").
|
||||
*) mod_substitute: Fix buffer overrun.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Feb 11 09:21:15 UTC 2012 - coolo@suse.com
|
||||
|
||||
|
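Review bot: In the CVE-2012-0031 entry the sentence has a doubled verb ("could allow an unprivileged child process" followed by "could cause the parent to crash"), so it does not parse; reword it to "which could allow an unprivileged child process to cause the parent to crash at shutdown rather than terminate cleanly". The "(cve.mitre.org)" suffix on each SECURITY line looks like leftover link text and adds nothing next to the CVE id, so it can be dropped. None of the six SECURITY items carries a distribution bug reference; if tracker entries exist for them, adding the ids here would let each fix be matched to this update. Minor: "dont" in the mod_win32 item should be "don't".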