Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 280171

Summary: <www-servers/apache-2.2.12: Multiple vulnerabilities (CVE-2009-1890, CVE-1191, CVE-2009-1891, CVE-2009-1195)
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: hollow
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://httpd.apache.org/security/vulnerabilities_22.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2009-08-03 12:36:55 UTC 
I didn't see an open security bug for them, apache 2.2.12 (which is already in tree, but ~) contains a couple of minor security-issues.

From http://httpd.apache.org/security/vulnerabilities_22.html:
important: mod_proxy reverse proxy DoS CVE-2009-1890
important: mod_proxy_ajp information disclosure CVE-2009-1191
low: mod_deflate DoS CVE-2009-1891
low: AllowOverride Options handling bypass CVE-2009-1195

The apr-related issues probably don't affect us, cause we're not using the bundled apr/apr-util.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-03 15:36:42 UTC 
We already fixed everything with .11 backports. :)

[17:30:50] <rbubot> a3li: * CVE-2009-1890 has bug 276426
[17:30:59] <rbubot> a3li: * CVE-2009-1191 has bug 268154
[17:31:11] <rbubot> a3li: * CVE-2009-1891 has bug 276792
[17:31:19] <rbubot> a3li: * CVE-2009-1195 has bug 271470

[17:32:50] <rbubot> a3li: * CVE-2009-1955 has bug 272260
[17:32:57] <rbubot> a3li: * CVE-2009-0023 has bug 274193
[17:32:42] <rbubot> a3li: * CVE-2009-1956 has bug 268643