Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2015-05-16 20:07:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2 (Old) and /work/SRC/openSUSE:Factory/.apache2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apache2" Changes: -------- --- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2015-05-06 11:18:11.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.apache2.new/apache2.changes 2015-05-16 20:07:24.000000000 +0200 @@ -1,0 +2,8 @@ +Mon May 11 13:34:40 UTC 2015 - hguo@suse.com + +- add httpd-2.4.12-CVE-2015-0253.patch to fix SECURITY: CVE-2015-0253 + (cve.mitre.org) core: Fix a crash introduced in with ErrorDocument + 400 pointing to a local URL-path with the INCLUDES filter active, + introduced in 2.4.11. PR 57531. [Yann Ylavic] + +------------------------------------------------------------------- New: ---- httpd-2.4.12-CVE-2015-0253.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ --- /var/tmp/diff_new_pack.Z7zxBu/_old 2015-05-16 20:07:25.000000000 +0200 +++ /var/tmp/diff_new_pack.Z7zxBu/_new 2015-05-16 20:07:25.000000000 +0200 @@ -126,6 +126,7 @@ Patch111: httpd-visibility.patch # PATCH-FIX-UPSTREAM bnc#918352 kstreitova@suse.com -- fix mod_lua - maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash Patch112: httpd-2.4.x-mod_lua_websocket_DoS.patch +Patch113: httpd-2.4.12-CVE-2015-0253.patch BuildRequires: automake BuildRequires: db-devel BuildRequires: ed @@ -309,6 +310,7 @@ %endif %patch111 -p1 %patch112 -p1 +%patch113 -p3 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE # install READMEs a=$(basename %{SOURCE22}) ++++++ httpd-2.4.12-CVE-2015-0253.patch ++++++ SECURITY: CVE-2015-0253 (cve.mitre.org) core: Fix a crash introduced in with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. PR 57531. [Yann Ylavic] --- httpd/httpd/trunk/server/protocol.c 2015/03/05 02:31:42 1664204 +++ httpd/httpd/trunk/server/protocol.c 2015/03/05 02:33:16 1664205 @@ -606,8 +606,6 @@ */ if (APR_STATUS_IS_ENOSPC(rv)) { r->status = HTTP_REQUEST_URI_TOO_LARGE; - r->proto_num = HTTP_VERSION(1,0); - r->protocol = apr_pstrdup(r->pool, "HTTP/1.0"); } else if (APR_STATUS_IS_TIMEUP(rv)) { r->status = HTTP_REQUEST_TIME_OUT; @@ -615,6 +613,8 @@ else if (APR_STATUS_IS_EINVAL(rv)) { r->status = HTTP_BAD_REQUEST; } + r->proto_num = HTTP_VERSION(1,0); + r->protocol = apr_pstrdup(r->pool, "HTTP/1.0"); return 0; } } while ((len <= 0) && (++num_blank_lines < max_blank_lines));