Solution
Please install the updated packages.
Insight
apache2:
- ECC support was added to mod_ssl
- fix for a race condition in mod_status, known as CVE-2014-0226, that can lead to information disclosure. mod_status is not active by default, and is normally only open to connections from localhost.
- fix for a bug known as CVE-2014-0098 that can crash the apache process if a specially crafted cookie is sent to the server (log_cookie.c)
- fix for a crash bug in mod_dav known as CVE-2013-6438
- fix for a problem with non-responsive CGI scripts that would otherwise cause the server to stall and deny service (CVE-2014-0231). The new configuration parameter CGIDScriptTimeout defaults to 60s.
apache2-mod_security2:
- specially crafted chunked HTTP requests allow an attacker to bypass filters configured in mod_security2. This vulnerability is known as CVE-2013-5705.
Affected
security on openSUSE 11.4
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-5705, CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P