Updated apache-mod_perl packages fix security vulnerability
Publication date: 02 Dec 2018Modification date: 02 Dec 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2011-2767
Description
A flaw was found in mod_perl 2.0 through 2.0.10 which allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes (CVE-2011-2767).
References
SRPMS
6/core
- apache-mod_perl-2.0.10-1.1.mga6