openSUSE-SU-2013:0248-1: moderate: update for apache2
openSUSE Security Update: update for apache2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0248-1
Rating: moderate
References:
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

- ignore case when checking against SNI server names.
[bnc#798733] httpd-2.2.x-bnc798733-SNI_ignorecase.diff
- better cleanup of busy count after recovering from
failure [bnc#789828]
httpd-2.2.x-bnc789828-mod_balancer.diff
- httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff:
backend timeouts should not affect the entire worker.
[bnc#788121]
- httpd-2.2.x-envvars.diff obsoletes
httpd-2.0.54-envvars.dif: Fix for low profile bug
CVE-2012-0883 about improper LD_LIBRARY_PATH handling.
[bnc#757710]
- httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff:
Escape filename for the case that uploads are
allowed with untrusted user's control over filenames and
mod_negotiation enabled on the same directory.
CVE-2012-2687 [bnc#777260]
- httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff
reworked to reflect the upstream changes. This will
prevent the "Invalid URI in request OPTIONS *" messages
in the error log. [bnc#722545]

- /etc/init.d/apache2: new argument "check-reload". Exits 1
if httpd2 runs on deleted binaries, such as after a package
update, else 0. This is used by the likewise modified
/etc/logrotate.d/apache2, which calls "/etc/init.d/apache2
check-reload" in its prerotate script. These changes
prevent httpd2 from being (gracefully) reloaded by
logrotate, executed by cron, if new binaries have been
installed. Instead, a warning is printed on stdout and
logged to syslog. If this happens, apache's
logs are NOT rotated, and the running processes are left
untouched. This limits the maximum damage of log rotation
to unrotated logs. "/etc/init.d/apache2 restart" (or
"rcapache2 restart") must be executed manually in such a
case. [bnc#728876]
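
The following is an added example, not the openSUSE init script: one way to implement a check with the exit-status contract described above for "check-reload", using the " (deleted)" suffix that Linux appends to the /proc/<pid>/exe link target. The function names, the PROC_ROOT variable and the default pid file path are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not the openSUSE init script.
# PROC_ROOT is an assumption of this sketch so the check can be run
# against a constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Succeeds (0) if the process's executable was unlinked or replaced on
# disk. Linux then reports the /proc/<pid>/exe target with a trailing
# " (deleted)". An unreadable link counts as "not deleted".
pid_runs_deleted_binary() {
    exe=$(readlink "$PROC_ROOT/$1/exe" 2>/dev/null) || return 1
    case "$exe" in
        *" (deleted)") return 0 ;;
        *)             return 1 ;;
    esac
}

# Exit-status contract from the advisory: 1 if the server runs on
# deleted binaries (caller must not reload), else 0.
check_reload() {
    pidfile=$1
    [ -r "$pidfile" ] || return 0          # no pid file: nothing running
    parent=$(head -n 1 "$pidfile")
    case "$parent" in
        ''|*[!0-9]*) return 0 ;;           # empty or malformed pid file
    esac
    if pid_runs_deleted_binary "$parent"; then
        msg="httpd2 (pid $parent) runs on deleted binaries; not reloading, logs not rotated"
        echo "$msg"
        # Syslog copy; skipped quietly where logger is unavailable.
        if command -v logger >/dev/null 2>&1; then
            logger -t apache2 "$msg" 2>/dev/null || true
        fi
        return 1
    fi
    return 0
}

# Stand-alone use: script check-reload [PIDFILE]
# The default pid file path is an assumption; adjust to the local setup.
if [ "${1:-}" = "check-reload" ]; then
    check_reload "${2:-/var/run/httpd2.pid}"
    exit $?
fi
```

Reading /proc/<pid>/exe of another user's process requires root, which is how an init script normally runs.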


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-17

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

apache2-2.2.17-4.64.1
apache2-debuginfo-2.2.17-4.64.1
apache2-debugsource-2.2.17-4.64.1
apache2-devel-2.2.17-4.64.1
apache2-event-2.2.17-4.64.1
apache2-event-debuginfo-2.2.17-4.64.1
apache2-example-certificates-2.2.17-4.64.1
apache2-example-pages-2.2.17-4.64.1
apache2-itk-2.2.17-4.64.1
apache2-itk-debuginfo-2.2.17-4.64.1
apache2-prefork-2.2.17-4.64.1
apache2-prefork-debuginfo-2.2.17-4.64.1
apache2-utils-2.2.17-4.64.1
apache2-utils-debuginfo-2.2.17-4.64.1
apache2-worker-2.2.17-4.64.1
apache2-worker-debuginfo-2.2.17-4.64.1

- openSUSE 11.4 (noarch):

apache2-doc-2.2.17-4.64.1


References:


