apache2 2.2.16-6+squeeze7 source package in Debian
Changelog
apache2 (2.2.16-6+squeeze7) squeeze-security; urgency=high
* CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
hosts' config files.
If scripting modules like mod_php or mod_rivet are enabled on systems
where either 1) some frontend server forwards connections to an apache2
backend server on the localhost address, or 2) the machine running
apache2 is also used for web browsing, this could allow a remote
attacker to execute example scripts stored under /usr/share/doc.
Depending on the installed packages, this could lead to issues like cross
site scripting, code execution, or leakage of sensitive data.
-- Stefan Fritsch <email address hidden> Sun, 01 Apr 2012 00:20:48 +0200
Upload details
- Uploaded by:
- Debian Apache Maintainers
- Uploaded to:
- Squeeze
- Original maintainer:
- Debian Apache Maintainers
- Architectures:
- any
- Section:
- httpd
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.2.16-6+squeeze7.dsc | 1.8 KiB | f336d36a9590bbb3bf9a2bed6d9406c7aa49cdad6b573b0325c5624ad790f350 |
| apache2_2.2.16.orig.tar.gz | 6.1 MiB | 72cdbaf0525b4c956532b308a0344ca7c287eb12759472481ae4affca71b6ed3 |
| apache2_2.2.16-6+squeeze7.diff.gz | 215.6 KiB | e99dee01ce7af4fb2a01c250a81076ebc83b6932edbbcae807fbd8dd4c964cdc |
No changes file available.
