| Summary: | <www-servers/apache-2.4.2: insecure handling of LD_LIBRARY_PATH (CVE-2012-0883) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | apache-bugs |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
*** This bug has been marked as a duplicate of bug 412481 *** |
apache 2.4.2 is a security bump, from upstream Changelog: *) SECURITY: (cve.mitre.org) envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the current working directory to be searched for DSOs. [Stefan Fritsch] As we currently only have masked 2.4.*-versions in tree, this requires probably no handling by the security-team / no GLSA, but still it should be bumped.