Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 280171 - <www-servers/apache-2.2.12: Multiple vulnerabilities (CVE-2009-1890, CVE-1191, CVE-2009-1891, CVE-2009-1195)
Summary: <www-servers/apache-2.2.12: Multiple vulnerabilities (CVE-2009-1890, CVE-1191...
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://httpd.apache.org/security/vuln...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-03 12:36 UTC by Hanno Böck
Modified: 2009-08-03 15:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2009-08-03 12:36:55 UTC 
I didn't see an open security bug for them, apache 2.2.12 (which is already in tree, but ~) contains a couple of minor security-issues.

From http://httpd.apache.org/security/vulnerabilities_22.html:
important: mod_proxy reverse proxy DoS CVE-2009-1890
important: mod_proxy_ajp information disclosure CVE-2009-1191
low: mod_deflate DoS CVE-2009-1891
low: AllowOverride Options handling bypass CVE-2009-1195

The apr-related issues probably don't affect us, cause we're not using the bundled apr/apr-util.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-03 15:36:42 UTC 
We already fixed everything with .11 backports. :)

[17:30:50] <rbubot> a3li: * CVE-2009-1890 has bug 276426
[17:30:59] <rbubot> a3li: * CVE-2009-1191 has bug 268154
[17:31:11] <rbubot> a3li: * CVE-2009-1891 has bug 276792
[17:31:19] <rbubot> a3li: * CVE-2009-1195 has bug 271470

[17:32:50] <rbubot> a3li: * CVE-2009-1955 has bug 272260
[17:32:57] <rbubot> a3li: * CVE-2009-0023 has bug 274193
[17:32:42] <rbubot> a3li: * CVE-2009-1956 has bug 268643