Advisories » MGASA-2018-0009

Updated apache packages fix security vulnerability

Publication date: 01 Jan 2018
Modification date: 01 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-9798

Description

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit
directives in .htaccess files. In certain configurations, a remote attacker
could possibly use this issue to read arbitrary server memory, including
sensitive information. This issue is known as Optionsbleed (CVE-2017-9798).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21741
• https://usn.ubuntu.com/usn/usn-3425-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798

SRPMS

6/core

• apache-2.4.27-1.1.mga6