Updated apache packages fix security vulnerabilitiesPublication date: 26 Jul 2013
Affected Mageia releases : 3
CVE: CVE-2013-1896 , CVE-2013-2249
Updated apache packages fix security vulnerabilities: mod_dav.c in the Apache HTTP Server before 2.4.6 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI (CVE-2013-1896). An unspecified error in Apache HTTP Server within the mod_session_dbd module related to the handling of the dirty flag during saving of the sessions has an unknown impact and remote attack vector (CVE-2013-2249). Also, a minor issue causing httpd to not be restarted when installing or upgrading certain web applications, as well as an issue with the web application configuration files when upgrading from Mageia 2, both due to the moving of web applications configuration files to the /etc/httpd/conf/sites.d directory in Mageia 3, have been corrected.