~ubuntu-branches/ubuntu/intrepid/apache2/intrepid-security

Viewing all changes in revision 43.

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2009-11-12 14:02:27 UTC
  • Revision ID: james.westby@ubuntu.com-20091112140227-bfmuca9ay2tabtlm
Tags: 2.2.9-7ubuntu3.5

* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
  Partial fix for CVE-2009-3555. Configurations requiring renegotiation
  of per-directory/location access controls are still affected until
  OpenSSL is updated.
  - debian/patches/904_CVE-2009-3555.dpatch: disable all client
    renegotiations
  - CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
  - debian/patches/905-CVE-2009-3094.dpatch: fix NULL pointer dereference
    in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
    in EPSV response parser
  - CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
  configured as a reverse proxy
  - debian/patches/906-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
    in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
    special characters.
  - CVE-2009-3095
