Advisories » MGASA-2018-0474

Updated apache-mod_perl packages fix security vulnerability

Publication date: 02 Dec 2018
Modification date: 02 Dec 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2011-2767

Description

A flaw was found in mod_perl 2.0 through 2.0.10 which allows attackers
to execute arbitrary Perl code by placing it in a user-owned .htaccess
file, because (contrary to the documentation) there is no configuration
option that permits Perl code for the administrator's control of HTTP
request processing without also permitting unprivileged users to run
Perl code in the context of the user account that runs Apache HTTP
Server processes (CVE-2011-2767).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23541
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G3GS7G4X3FRAUBMBVQ4QXZAGZH2JIMG4/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2767

SRPMS

6/core

• apache-mod_perl-2.0.10-1.1.mga6