Advisories ยป MGASA-2015-0099

Updated apache packages fix CVE-2015-0228

Publication date: 06 Mar 2015
Modification date: 06 Mar 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0228

Description

Updated apache packages fix security vulnerability:

In the mod_lua module in the Apache HTTP Server through 2.4.10, a maliciously
crafted websockets PING after a script calls r:wsupgrade() can cause a child
process crash (CVE-2015-0228).
                

References

SRPMS

4/core