Updated apache packages fix CVE-2013-1896
Publication date: 26 Jul 2013Modification date: 26 Jul 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2013-1896
Description
Updated apache packages fix security vulnerability: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI (CVE-2013-1896).
References
SRPMS
2/core
- apache-2.2.25-1.mga2