Advisories ยป MGASA-2013-0230

Updated apache packages fix CVE-2013-1896

Publication date: 26 Jul 2013
Modification date: 26 Jul 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2013-1896

Description

Updated apache packages fix security vulnerability:

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly
determine whether DAV is enabled for a URI, which allows remote
attackers to cause a denial of service (segmentation fault) via a
MERGE request in which the URI is configured for handling by the
mod_dav_svn module, but a certain href attribute in XML data refers
to a non-DAV URI (CVE-2013-1896).
                

References

SRPMS

2/core