Summary: | www-servers/apache <2.2.9 CSRF and DoS (CVE-2007-6420,CVE-2008-2364) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Limansky <limanski> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | VERIFIED FIXED | | |
Severity: | normal | CC: | apache-bugs |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.apache.org/dist/httpd/CHANGES_2.2.9 | | |
Whiteboard: | A3 [glsa] | | |
Package list: | | Runtime testing required: | --- |

Description
Mike Limansky
2008-06-15 10:33:19 UTC
*) SECURITY: CVE-2008-2364 (cve.mitre.org) mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem, Joe Orton, Jim Jagielski]

*) SECURITY: CVE-2007-6420 (cve.mitre.org) mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface. [Joe Orton]

Eh, assign...

2.2.9 in cvs, ready for stabilization

Arches, please test and mark stable: =www-servers/apache-2.2.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release s390 sh sparc x86"

ppc stable

Stable for HPPA.

x86 stable

amd64 stable

alpha/ia64/sparc stable

ppc64 done

Fixed in release snapshot.

GLSA 200807-06