
5772 matches found

Slackware Linux
added 2013/08/06 7:20 a.m. 57 views

[slackware-security] httpd

New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/httpd-2.4.6-i486-1slack14.0.txz: Upgraded. This update addresses two security issues: SECURITY:...

CVSS 7.5, AI score 7.2, EPSS 0.29484
Exploits: 5

RedHat Linux
added 2013/08/05 3:30 p.m. 3 views

httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href...

CVSS 4.3, AI score 7.3, EPSS 0.29484
Exploits: 3, References: 4

Apache Httpd
added 2013/08/05 12:0 a.m. 50 views

Apache Httpd < 2.4.16 : ap_some_auth_required API unusable

A design error in the "ap_some_auth_required" function renders the API unusable in httpd 2.4.x. In particular the API is documented to answer if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for...

CVSS 4.3, AI score 7, EPSS 0.18795
Exploits: 0, Affected Software: 1

NVD
added 2013/07/31 1:20 p.m. 18 views

CVE-2013-4131

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root...

CVSS 4, AI score 6.1, EPSS 0.04383
Exploits: 0, References: 6

NVD
added 2013/07/31 1:20 p.m. 24 views

CVE-2013-5019

Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request...

CVSS 10, AI score 7.9, EPSS 0.64393
Exploits: 4, References: 7

OSV
added 2013/07/31 1:20 p.m. 8 views

CVE-2013-4131

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root...

CVSS 4, AI score 6, EPSS 0.04383
Exploits: 0, References: 6

UbuntuCve
added 2013/07/31 1:20 p.m. 31 views

CVE-2013-4131

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root...

CVSS 4, AI score 7.2, EPSS 0.04383
Exploits: 0, References: 2

Prion
added 2013/07/31 1:20 p.m. 18 views

Out-of-bounds

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root...

CVSS 4, AI score 6.6, EPSS 0.04383
Exploits: 0, References: 6, Affected Software: 1

Prion
added 2013/07/31 1:20 p.m. 12 views

Stack overflow

Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request...

CVSS 10, AI score 8.6, EPSS 0.64393
Exploits: 4, References: 7, Affected Software: 1

Cvelist
added 2013/07/31 10:0 a.m. 30 views

CVE-2013-5019

Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request...

AI score 7.9, EPSS 0.64393
Exploits: 4, References: 7

CVE
added 2013/07/31 10:0 a.m. 69 views

CVE-2013-4131

CVE-2013-4131 affects Subversion’s mod_dav_svn in the Apache httpd module. Versions 1.7.0–1.7.10 and 1.8.x prior to 1.8.1 can be remotely triggered by authenticated users through certain COPY, DELETE, or MOVE requests against a revision root to cause a denial of service (assertion failure or out-...

CVSS 4, AI score 6.1, EPSS 0.04383
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2013/07/31 10:0 a.m. 69 views

CVE-2013-5019

CVE-2013-5019 involves Ultra Mini HTTPD (notably v1.21) and a stack-based buffer overflow triggered by a long resource name in an HTTP GET request. The underlying flaw allows remote attackers to potentially execute arbitrary code. Public references document a PoC and exploits (Exploit-DB entries ...

CVSS 10, AI score 8.1, EPSS 0.64393
Exploits: 4, References: 7, Affected Software: 1

Debian CVE
added 2013/07/31 10:0 a.m. 20 views

CVE-2013-4131

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root...

CVSS 4, AI score 4.6, EPSS 0.04383
Exploits: 0

Tenable Nessus
added 2013/07/23 12:0 a.m. 18 views

FreeBSD : suPHP -- Privilege escalation (2fbfd455-f2d0-11e2-8a46-000d601460a4)

suPHP developer Sebastian Marsching reports: When the suPHP_PHPPath was set, mod_suphp would use the specified PHP executable to pretty-print PHP source files (MIME type x-httpd-php-source or application/x-httpd-php-source). However, it would not sanitize the environment. Thus a user that was allowe...

AI score 6
Exploits: 0, References: 2

Kaspersky
added 2013/07/22 12:0 a.m. 149 views

KLA10065 Multiple vulnerabilities in Apache httpd

Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code, obtain sensitive information or bypass security restrictions. Below is a complete list of vulnerabilities: 1. An...

CVSS 7.8, AI score 9.3, EPSS 0.98945
Exploits: 42, References: 5

Kaspersky
added 2013/07/22 12:0 a.m. 69 views

KLA10068 Multiple vulnerabilities in Apache httpd

Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary commands. Below is a complete list of vulnerabilities: 1. An improper DAV restriction vulnerability can be exploited remotely via a...

CVSS 5.1, AI score 8.2, EPSS 0.29484
Exploits: 4, References: 3

FreeBSD
added 2013/07/19 12:0 a.m. 29 views

subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.

Subversion Project reports: Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior...

CVSS 4, AI score 6.5, EPSS 0.04383
Exploits: 0, References: 1

OpenVAS
added 2013/07/16 12:0 a.m. 34 views

CentOS Update for php CESA-2013:1049 centos6

Check for the Version of php

CVSS 6.8, AI score 8, EPSS 0.05186
Exploits: 0, References: 2

OpenVAS
added 2013/07/16 12:0 a.m. 23 views

Ultra Mini HTTPD Stack Buffer Overflow Vulnerability

Ultra Mini HTTPD server is prone to stack based buffer overflow vulnerability.

CVSS 10, AI score 7, EPSS 0.64393
Exploits: 4, References: 2

OpenVAS
added 2013/07/16 12:0 a.m. 15 views

CentOS Update for php CESA-2013:1049 centos6

The remote host is missing an update for the...

CVSS 6.8, AI score 8.5, EPSS 0.05186
Exploits: 0, References: 2