diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2012-02-01 07:25:24 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-02-01 07:39:22 +0000 |
| commit | 400a302e8bca4ad2bbef3bb38737680ef8fb53cd (patch) | |
| tree | 352beca024ccd94c91b9766c3027fa1a74e1afef /main/apache2/CVE-2011-4317.patch | |
| parent | b82ce814e1f58fb47be7b2d815fb7bce926aa429 (diff) | |
| download | aports-400a302e8bca4ad2bbef3bb38737680ef8fb53cd.tar.bz2 aports-400a302e8bca4ad2bbef3bb38737680ef8fb53cd.tar.xz | |
main/apache2: security upgrade to 2.2.22 (CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3368)
low: mod_log_config crash CVE-2012-0021
low: scoreboard parent DoS CVE-2012-0031
moderate: error responses can expose cookies CVE-2012-0053
moderate: mod_proxy reverse proxy exposure CVE-2011-3368
This release also include the previosly patched:
low: mod_setenvif .htaccess privilege escalation CVE-2011-3607
moderate: mod_proxy reverse proxy exposure CVE-2011-4317
fixes #982
Diffstat (limited to 'main/apache2/CVE-2011-4317.patch')
| -rw-r--r-- | main/apache2/CVE-2011-4317.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/main/apache2/CVE-2011-4317.patch b/main/apache2/CVE-2011-4317.patch deleted file mode 100644 index 698b2eb7a..000000000 --- a/main/apache2/CVE-2011-4317.patch +++ /dev/null @@ -1,36 +0,0 @@ -Index: modules/proxy/mod_proxy.c -=================================================================== ---- httpd-2.2.21/modules/proxy/mod_proxy.c (revision 1179633) -+++ httpd-2.2.21/modules/proxy/mod_proxy.c (working copy) -@@ -566,6 +566,13 @@ - return OK; - } - -+ /* Check that the URI is valid. */ -+ if (!r->uri || r->uri[0] != '/') { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Invalid URI in request %s", r->the_request); -+ return HTTP_BAD_REQUEST; -+ } -+ - /* XXX: since r->uri has been manipulated already we're not really - * compliant with RFC1945 at this point. But this probably isn't - * an issue because this is a hybrid proxy/origin server. -Index: modules/mappers/mod_rewrite.c -=================================================================== ---- httpd-2.2.21/modules/mappers/mod_rewrite.c (revision 1179633) -+++ httpd-2.2.21/modules/mappers/mod_rewrite.c (working copy) -@@ -4266,6 +4266,13 @@ - return DECLINED; - } - -+ /* Check that the URI is valid. */ -+ if (!r->uri || r->uri[0] != '/') { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Invalid URI in request %s", r->the_request); -+ return HTTP_BAD_REQUEST; -+ } -+ - /* - * add the SCRIPT_URL variable to the env. this is a bit complicated - * due to the fact that apache uses subrequests and internal redirects |