Advisories ยป MGASA-2013-0174

Updated apache packages fix security vulnerabilities

Publication date: 19 Jun 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2013-1862


It was found that mod_rewrite did not filter terminal escape sequences from
its log file. If mod_rewrite was configured with the RewriteLog directive,
a remote attacker could use specially-crafted HTTP requests to inject
terminal escape sequences into the mod_rewrite log file. If a victim viewed
the log file with a terminal emulator, it could result in arbitrary command
execution with the privileges of that user (CVE-2013-1862).

A buffer overflow when reading digest password file with very long lines in
htdigest (PR54893)